HIGHSupply Chain
Verified
Global

Supply Chain Attack Compromises Python AI/ML Libraries — 45M Downloads

Wednesday, March 25, 2026 at 10:00 PM UTC·Source: JFrog Security Research

Updated: Thursday, March 26, 2026 at 02:00 PM UTC

Executive Summary

Three popular Python AI/ML packages on PyPI compromised. Credential-stealing code targets AWS, GCP, Azure, and AI API keys.

Analysis

JFrog uncovered compromised maintainer accounts on three AI/ML packages with 45M combined weekly downloads. Malicious versions exfiltrate cloud credentials and AI service API keys (OpenAI, Anthropic, Hugging Face). Live for 72 hours before detection.

Timeline

Discovered
Mar 25, 2026
Published
Mar 25, 2026

Indicators of Compromise (3)

CVE (3)
CVE-2026-31001
NVDMITRE CVE
CVE-2026-31002
NVDMITRE CVE
CVE-2026-31003
NVDMITRE CVE
Source Attribution

Originally published by JFrog Security Research on Mar 25, 2026. Verified by: JFrog, PyPI Security, CISA.

Related Threats

MEDIUMSupply Chain

Mercor confirms security incident tied to LiteLLM supply chain attack

Although the LiteLLM attack was reportedly tied to a group called TeamPCP, the hacking gang Lapsus$ claimed on its website that it obtained hundreds of gigabytes of Mercor’s data.

The Record
MEDIUMSupply Chain

Threat Brief: Widespread Impact of the Axios Supply Chain Attack

Unit 42 discusses the supply chain attack targeting Axios. Learn about the full attack chain, from the dropper to forensic cleanup. The post Threat Brief: Widespread Impact of the Axios Supply Chain Attack appeared first on Unit 42 .

Unit 42 (Palo Alto)
LOWSupply Chain

Axios NPM Package Breached in North Korean Supply Chain Attack

A long-lived NPM access token was used to bypass the GitHub Actions OIDC-based CI/CD publishing workflow and push backdoored package versions. The post Axios NPM Package Breached in North Korean Supply Chain Attack appeared first on SecurityWeek .

SecurityWeek