Security Alerts: 2026-03-30
AI infrastructure had a rough week. Five distinct threat vectors hit the ecosystem almost simultaneously: LiteLLM supply chain poisoning, a surge in CVEs from AI-generated code, Langflow pipeline compromise, an Azure MCP server vulnerability, and OpenClaw's own CVE. The pattern is clear — attackers are targeting the AI toolchain itself.
---
LiteLLM supply chain attack — the biggest AI infra breach of 2026 so far. TeamPCP compromised PyPI packages 1.82.7 and 1.82.8 with credential-stealing malware. The payload harvests SSH keys, cloud service credentials, K8s secrets, SSL private keys, and crypto wallets. In Kubernetes environments, it deploys privileged pods across all nodes for persistence. The packages were live for about three hours before PyPI pulled them, but LiteLLM gets 95 million downloads per month. Estimated compromise: 300GB of data, 500K credentials. Same threat actor behind Trivy and Checkmarx GitHub Action poisoning earlier the same week. Three supply chain hits in five days, all traced back to an AI agent (hackerbot-claw, powered by Claude Opus 4.5) that autonomously found the initial foothold.
Source: https://x.com/rst_cloud/status/2037655091897885151
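Two defender-side checks for the incident above, written as an added example (not code from the digest, from LiteLLM, or from PyPI): the first scans a requirements file for pins to the two releases the digest names as trojanised (1.82.7 and 1.82.8), and the second walks `kubectl get pods -A -o json` output and flags pods running privileged containers, the persistence mechanism described for Kubernetes environments. Both inputs below are constructed sample data; the pod JSON follows the standard Kubernetes PodList shape.

```python
"""
Added example: dependency-pin and privileged-pod checks for the
LiteLLM supply chain incident. Not from the original digest or any
of the projects it mentions. All sample input is constructed.
"""
import json
import re

# Releases the digest names as compromised on PyPI.
COMPROMISED_LITELLM = {"1.82.7", "1.82.8"}

# Matches "litellm==1.82.7", "LiteLLM == 1.82.7", "litellm[proxy]==1.82.7".
PIN_RE = re.compile(
    r"^\s*litellm(?:\[[^\]]*\])?\s*==\s*([0-9][0-9A-Za-z.]*)", re.IGNORECASE
)


def find_compromised_pins(requirements_text):
    """Return (line_number, version) for each pin of a compromised release."""
    hits = []
    for lineno, line in enumerate(requirements_text.splitlines(), start=1):
        line = line.split("#", 1)[0]  # drop trailing comments
        m = PIN_RE.match(line)
        if m and m.group(1) in COMPROMISED_LITELLM:
            hits.append((lineno, m.group(1)))
    return hits


def find_privileged_pods(pod_list_json):
    """Given `kubectl get pods -A -o json` output, return 'namespace/name'
    for every pod with at least one privileged container (init or regular)."""
    pods = json.loads(pod_list_json)
    flagged = []
    for pod in pods.get("items", []):
        meta = pod.get("metadata", {})
        spec = pod.get("spec", {})
        containers = spec.get("containers", []) + spec.get("initContainers", [])
        if any(c.get("securityContext", {}).get("privileged") is True for c in containers):
            flagged.append(f"{meta.get('namespace')}/{meta.get('name')}")
    return flagged


# Constructed requirements file: two bad pins, one safe pin.
SAMPLE_REQUIREMENTS = """\
fastapi==0.110.0
litellm==1.82.7   # pulled in by a tutorial
LiteLLM[proxy] == 1.82.8
litellm==1.82.6
"""

# Constructed PodList: one privileged pod, one ordinary pod.
SAMPLE_PODS = json.dumps({
    "kind": "PodList",
    "items": [
        {
            "metadata": {"namespace": "kube-system", "name": "example-privileged-pod"},
            "spec": {"containers": [
                {"name": "agent", "image": "example/agent",
                 "securityContext": {"privileged": True}}]},
        },
        {
            "metadata": {"namespace": "default", "name": "example-web"},
            "spec": {"containers": [{"name": "web", "image": "example/web"}]},
        },
    ],
})


def main():
    for lineno, version in find_compromised_pins(SAMPLE_REQUIREMENTS):
        print(f"requirements line {lineno}: compromised litellm=={version}")
    for pod in find_privileged_pods(SAMPLE_PODS):
        print(f"privileged pod: {pod}")


if __name__ == "__main__":
    main()
```

Run the pin check against every lockfile and `pip freeze` output in CI, and the pod check against a fresh `kubectl get pods -A -o json` dump; a privileged pod that appears on every node and was not created by a known operator is the shape the digest describes.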
---
35 new CVEs in March 2026 directly caused by AI-generated code. Up from 6 in January and 15 in February. The growth curve is exponential. This is the cost of vibe-coding at scale — models generate plausible code that compiles and passes basic tests but introduces subtle security flaws. No individual CVE stands out; it is the trend line that matters.
Source: https://x.com/M_Miho_JPN/status/2037516397534949872
---
CVE-2026-33017: Langflow AI pipeline RCE exploited just 20 hours after disclosure. Attackers compromised Langflow pipelines in production before most teams could even read the advisory. If you run Langflow, patch immediately.
Source: https://x.com/netmarkjp/status/2037679926166372418
---
CVE-2026-33980 (High): Azure Data Explorer MCP Server vulnerability. The MCP server that enables AI assistants to execute KQL queries against Azure Data Explorer databases has a high-severity flaw. If you expose MCP servers to AI assistants with query execution capability, audit your attack surface now.
Source: https://x.com/TheHackerWire/status/2037659292183228601
---
The broader picture from @DarFazulyanov: Langflow, LiteLLM, OpenClaw CVE-2026-25253, ShadowPrompt, Perplexity Comet. All AI infrastructure. All this month. All compromised before most teams could patch. "AI pipelines are infrastructure now, and they are being treated like hobby projects."
Source: https://x.com/DarFazulyanov/status/2037545449834643897