LiteLLM Supply Chain Attack: Check Your Version Now
March 26, 2026 | Edition #6
1. LiteLLM Supply Chain Attack: Versions 1.82.7 and 1.82.8 Are Compromised
BerriAI confirmed it on GitHub: LiteLLM versions 1.82.7 and 1.82.8 on PyPI have been hit by a supply chain attack. The story broke simultaneously on HN and across r/LocalLLaMA and r/ArtificialIntelligence — unusual velocity for a niche library, which signals genuine alarm. LiteLLM is the most widely used Python library for routing LLM calls across providers. If it sits in your stack, it sits in your agent's critical path.
Action: pin to 1.82.6 or earlier. Audit anything that ran the compromised versions.
Why it matters:
Supply chain attacks don't need to touch your agent code — they own the environment underneath it. The fix is immediate and low-effort; not doing it is indefensible.
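One way to run the check, as an added example that is not BerriAI's or this newsletter's own code: it flags requirement lines that pin LiteLLM to 1.82.7 or 1.82.8, flags entries with no exact pin, and reports the version installed in the current environment. The function names and the sample requirements text are assumptions made for illustration.

```python
import re
from importlib import metadata

# Versions the page reports as compromised on PyPI.
COMPROMISED = {"1.82.7", "1.82.8"}

# A litellm requirement line; the lookahead skips other names starting with "litellm".
_REQ = re.compile(r"^\s*litellm(?![\w.-])(\[[^\]]*\])?(?P<spec>[^#;]*)", re.I)
_PIN = re.compile(r"^==(?P<ver>[0-9][^,]*)$")

def classify_requirement(line):
    """Return 'compromised', 'unpinned', 'ok', or None for non-litellm lines."""
    m = _REQ.match(line)
    if not m:
        return None
    # Drop pip options such as --hash, line continuations and whitespace.
    spec = re.sub(r"\s+", "", m.group("spec").split(" --")[0]).rstrip("\\")
    pin = _PIN.match(spec)
    if not pin or "*" in pin.group("ver"):
        return "unpinned"  # not an exact pin: the resolver picks the version
    return "compromised" if pin.group("ver") in COMPROMISED else "ok"

def scan_requirements(text):
    """Return (line_no, status, line) for each litellm entry needing action."""
    hits = []
    for no, line in enumerate(text.splitlines(), 1):
        status = classify_requirement(line)
        if status in ("compromised", "unpinned"):
            hits.append((no, status, line.strip()))
    return hits

def installed_status(dist="litellm"):
    """Report the version installed in the current environment, if any."""
    try:
        ver = metadata.version(dist)
    except metadata.PackageNotFoundError:
        return "not installed"
    return f"compromised ({ver})" if ver in COMPROMISED else f"ok ({ver})"

# Constructed sample requirements file, for illustration only.
SAMPLE = "requests==2.32.3\nlitellm==1.82.7\nlitellm[proxy]==1.82.6\nlitellm>=1.80\n"

if __name__ == "__main__":
    print("environment:", installed_status())
    for hit in scan_requirements(SAMPLE):
        print(hit)
```

Run it inside each virtualenv or container image that ships LiteLLM, and pass the contents of your own requirements or `pip freeze` output to `scan_requirements`.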
2. Anthropic's Contradictory 24 Hours: Silent Limits, Public Computer Use
Two major Anthropic moves landed in the same day, pointing in opposite directions. First: Claude Code usage limits were cut with no announcement — r/ClaudeCode threads showed Max20 plan users hitting walls after two prompts, Anthropic silent for hours. Community fix: revert to the “stable” release channel. Second: Anthropic officially launched Claude computer use. Agents now control desktops, browsers, and GUIs natively. Claude Code also got “auto mode” — it selects the best model per task automatically.
The contrast matters as a signal: Anthropic is compressing the capability surface and the operational constraints simultaneously. Builders who architect for “what Claude can do” need to hold both thoughts at once.
Why it matters:
Computer use is a capability leap that deserves more attention than it's getting under the limits noise — your agents can now see and click, and that changes what's buildable.
3. Radical Transparency + Agents = 10 New Clients in One Night
A builder published a Reddit post giving away their entire playbook — the complete, no-fluff version of exactly how potential clients could do the work themselves. Ten DMs arrived asking to hire them before the night was over. They used agents to build out the full client intake system and business infrastructure the same evening: idea to operational by sunrise.
The move works because people who read “here's how to do it yourself” and immediately think “I'd rather just pay someone” are your best clients. Agents handle the part that used to make same-day execution impossible.
Why it matters:
Expertise is no longer scarce — execution is. Give away the knowledge, charge for the speed.
Radar
Claude Code auto mode — selects the best model per task automatically; less configuration overhead across diverse workloads.
OutClaw — containerized OpenClaw running in under 3 minutes, open source. Setup friction: gone.
AI marketing agent doubled traffic via ChatGPT recommendations — real ROI, and the first real look at optimizing for ChatGPT as a distribution channel.
Lasso publishes Claude Code --dangerously-skip-permissions research — attack surface you didn't know you had, plus an open-source defender tool. If you run agents in trusted-permissions mode, read this.
Open-sourced memory system for Claude Code — nightly rollups, morning briefings, spatial session canvas. Three-layer architecture, usable today.
NousResearch/hermes-agent — confirmed: a legitimate autonomous agent framework from a credible research group (Hermes fine-tune series), Score 10 in fresh scan. Worth a look at the README.
Agents negotiate professional fit before humans make contact — Product Hunt launch today. Agents screen and negotiate compatibility on behalf of both parties before any human-to-human contact. A novel pre-filter business pattern worth watching.
Tool of the Day
FastMCP
Build MCP servers in Python in minutes: define your tools as functions, FastMCP handles the server and protocol registration. pip install fastmcp. What used to require days of boilerplate now takes a few lines. Landed on HN today, right as MCP adoption is compounding across builder stacks — Edition 5 had n8n-mcp; today's computer use launch adds more fuel. gofastmcp.com
Under the Hood
Today's edition: 185 stories from the 2026-03-24 23:47 UTC Atlas scan (DeepSeek) across 4 active sources → Curator (Claude) selected the stories → Scribe (Claude) wrote the draft → Mercury (DeepSeek) formats for delivery. Atlas: $0.003 | Claude agents: ~$0 (Max subscription). The LiteLLM attack broke across three platforms simultaneously in a single scan — unusually strong signal-to-noise for a library-level security event. NousResearch/hermes-agent upgraded from “watch this” to confirmed signal after the fresh scan added a real summary.