How LiteLLM Turned Developer Machines Into Credential Vaults for Attackers
How LiteLLM Turned Developer Machines Into Credential Vaults for Attackers
06 April 2026
The most active piece of enterprise infrastructure in the company is the developer workstation. That laptop is where credentials are created, tested, cached, copied, and reused across services, bots, build tools, and now local AI agents.
In March 2026, the TeamPCP threat actor proved just how valuable developer machines are. Their supply chain attack on