LiteLLM (BerriAI)

Organization

Entity Summary

Entity ID: ENT-LITELLMBERRI
Type: Organization

Roles: Developer Victim
Sectors: —
Incidents: 1

First Incident: 2026-03-24

Incident Activity

Incidents Involved as Developer/Deployer (1)

Incident ID	Title	Description	Severity	Date
INC-26-0015	TeamPCP Compromises LiteLLM via Poisoned Trivy Security Scanner	Criminal group TeamPCP compromised the LiteLLM AI proxy library — downloaded approximately 3.4 million times daily from…	critical	2026-03-24

Incidents Harmed By (1)

Incident ID	Title	Description	Severity	Date
INC-26-0015	TeamPCP Compromises LiteLLM via Poisoned Trivy Security Scanner	Criminal group TeamPCP compromised the LiteLLM AI proxy library — downloaded approximately 3.4 million times daily from…	critical	2026-03-24

Context & Analysis

LiteLLM (BerriAI) appears in 1 documented incident spanning March 2026. 100% of incidents are rated critical or high severity. The dominant threat domain is Security & Cyber (1 incident). The most common pattern is AI Supply Chain Attack, appearing in 2 incidents.

Threat Domains

Security & Cyber (1)

Top Threat Patterns

AI Supply Chain Attack (2) Tool Misuse & Privilege Escalation (2)

Frequently Asked Questions

What AI incidents involve LiteLLM (BerriAI), and what role did it play?

LiteLLM (BerriAI) appeared as developer in 1 incident; victim in 1 incident. Key incidents include: INC-26-0015 TeamPCP Compromises LiteLLM via Poisoned Trivy Security Scanner (critical severity, 2026-03-24) .

Which AI threat patterns involve LiteLLM (BerriAI)?

LiteLLM (BerriAI)'s incidents involve AI Supply Chain Attack , Tool Misuse & Privilege Escalation . These are part of a taxonomy of 49 patterns across 8 domains.

Use in Retrieval

LiteLLM (BerriAI) (ENT-LITELLMBERRI) is documented at /entities/litellm-berriai/ as an organization in the TopAIThreats.com database.

Incidents span 1 domain: Security & Cyber.

When citing, reference the canonical URL and specific incident IDs (e.g., INC-26-0015) for traceability.