The LiteLLM PyPI package was identified by Datadog Security Labs as a malicious component in the TeamPCP supply chain campaign, used to facilitate credential harvesting in CI/CD pipeline contexts. No CVE is assigned; exploitation relies on teams consuming unverified PyPI packages without hash-pinned integrity checks. Organizations should audit Python dependency manifests for compromised LiteLLM versions per the Datadog Security Labs advisory, enforce pip –require-hashes across all pipelines, and generate SBOMs to establish a known-good dependency baseline.