⛓ Supply Chain
LiteLLM Cascading Supply Chain Attack — TeamPCP Trivy Credentials Used
Incident Details
The LiteLLM PyPI supply chain attack by TeamPCP was a cascading attack chain: TeamPCP first compromised
the Trivy security scanner’s GitHub Actions CI/CD pipeline (March 19, 2026), then used stolen credentials to
access LiteLLM’s PyPI publishing infrastructure, and pushed malicious versions of LiteLLM on March 27, 2026.
LiteLLM is a widely used Python library for calling LLM APIs (OpenAI, Anthropic, etc.) in AI application
development. Downstream victim Mercor (an AI data training startup) suffered a major breach via the LiteLLM
compromise. This ‘supply chain of supply chains’ attack, in which one compromise enables access to another
trusted package, is documented separately in the LiteLLM/Mercor/TeamPCP records.
Technical Details
- Initial Attack Vector: TeamPCP (UNC6780) used credentials stolen in the Trivy GitHub Actions compromise to push malicious versions of LiteLLM to PyPI, creating a second-stage supply chain attack
- Supply Chain Attack: ✅ Confirmed third-party / vendor compromise
Timeline
- 2026-03-26 Breach occurred
- 2026-03-26 Publicly disclosed