The Lazarus Group/TraderTraitor campaign (SCC-CAM-2026-0232) compromised the LiteLLM proxy framework through a supply chain attack: malicious code was inserted into the package, which was then pulled into the build pipelines of downstream AI-integrated applications. Organizations that use LiteLLM in CI/CD pipelines or AI service integrations and pulled versions between February and March 2026 without integrity verification should treat those environments as potentially compromised. The Trivy container scanner was separately abused as a delivery vector in the same campaign.
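
One way to triage against the criterion above, added here as an example (not code from LiteLLM, Trivy or the advisory's authors): it flags build records dated inside the window whose pip requirements installed litellm without a `--hash` pin. The build-record tuple format, the inclusive date bounds, and all sample ids, versions and digests are assumptions constructed for illustration.

```python
import re
from datetime import date

# Assumption: the page's "between February and March 2026" read as inclusive bounds.
WINDOW = (date(2026, 2, 1), date(2026, 3, 31))
HASH_OPT = re.compile(r"--hash[= ]sha(?:256|384|512):[0-9a-f]{64,128}")
EXACT_PIN = re.compile(r"[^=!<>~]==\s*[0-9A-Za-z.!+_-]+$")

def logical_lines(text):
    """Join backslash continuations and strip comments, roughly as pip does."""
    buf = ""
    for raw in text.splitlines():
        line = raw.rstrip()
        if line.endswith("\\"):
            buf += line[:-1] + " "
            continue
        full, buf = re.sub(r"(^|\s)#.*$", "", buf + line).strip(), ""
        if full:
            yield full

def litellm_entries(text):
    """Return (specifier, exact_pin, hash_pinned) per litellm requirement."""
    found = []
    for line in logical_lines(text):
        name = re.match(r"[A-Za-z0-9][A-Za-z0-9._-]*", line)
        if not name or name.group(0).lower() != "litellm":
            continue  # pip options (-r, --index-url) and other packages
        spec = line.split("--hash")[0].split(";")[0].strip()
        found.append((spec, bool(EXACT_PIN.search(spec)), bool(HASH_OPT.search(line))))
    return found

def triage(builds):
    """builds: iterable of (build_id, build_date, requirements_text)."""
    return [(bid, spec, pinned)
            for bid, when, reqs in builds if WINDOW[0] <= when <= WINDOW[1]
            for spec, pinned, hashed in litellm_entries(reqs) if not hashed]

# Constructed sample data: build ids, dates, 0.0.0 versions and the digest are placeholders.
SAMPLE_BUILDS = [
    ("ci-101", date(2026, 1, 20), "litellm>=0.0.0\n"),
    ("ci-214", date(2026, 2, 17), "requests==0.0.0\nLiteLLM[proxy]>=0.0.0  # floating\n"),
    ("ci-230", date(2026, 3, 3), "litellm==0.0.0 \\\n    --hash=sha256:" + "0" * 64 + "\n"),
    ("ci-245", date(2026, 3, 9), "litellm==0.0.0\n"),
]

if __name__ == "__main__":
    for build_id, spec, pinned in triage(SAMPLE_BUILDS):
        print(f"{build_id}: {spec!r} installed without hash verification (exact pin: {pinned})")
```

A hash pin only proves the installed artifact matched the lock file, so a lock file regenerated inside the window still needs review. litellm pulled in transitively without appearing in the requirements text is not seen by this check.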