LiteLLM’s unauthenticated SQL injection flaw (CVE-2026-42208) allows any network-reachable attacker to extract all stored AI provider API keys — OpenAI, Anthropic, and AWS Bedrock — from the proxy database without credentials. Active exploitation was confirmed within 36 hours of disclosure. A single compromised instance exposes an organization’s entire AI provider account surface.