Stephen Downes

Knowledge, Learning, Community

As reported here and widely elsewhere, "A hugely popular Python package called LiteLLM was compromised and used to deploy an infostealer malware to hundreds of thousands of devices." The malware grabbed API keys, .env credentials, personal information, and much more. The danger is magnified because the package is frequently used by Claude Code, so people might not be aware their projects contain it. This points to the related question of how we store keys and credentials generally if we're working in a distributed environment that may involve AI agents and remote applications. To address this, Bitwarden has developed and offered as open source a software development kit (SDK) for "credential access with designated human oversight and robust end-to-end encryption, helping ensure passwords are never exposed or used without explicit authorization." Here's my own work (in collaboration with Claude) in this area - it's not quite as strong as what Bitwarden is proposing, but it's pretty strong.



Stephen Downes, Casselman, Canada
stephen@downes.ca

Copyright 2026
Last Updated: Mar 26, 2026 3:42 p.m.

Creative Commons License.