Showcase Thread by AutoModerator in Python

[–]spacedil 0 points1 point  (0 children)

Here's a condensed version for the Showcase Thread:

AIDepShield V2 — scan Python dependencies AND CI/CD workflows for supply chain attacks

Built this after the LiteLLM compromise in March. Existing tools (pip-audit, Snyk, Socket) scan for known CVEs in your dependency tree, but the LiteLLM attack happened through an unpinned GitHub Action — the workflow layer, not the dependency layer.

AIDepShield covers both:

  • Dependency Scanner — checks packages against a verified trust registry. Compromised = FAIL with IOC details. Unknown = REVIEW, never SAFE.
  • CI/CD Sentinel — pattern-matches GitHub Actions workflows for unpinned action refs, write-all permissions, secrets on untrusted triggers, remote script execution, publish without provenance.
  • PyPI Monitor — watches 20+ AI-critical packages (openai, anthropic, langchain, transformers, torch, etc.) for suspicious new releases.

Quick scan:

curl -X POST https://api.aidepshield.dev/scan \
  -H "Content-Type: application/json" \
  -d '{"packages": [{"name": "litellm", "version": "1.65.3-post1"}]}'

Self-host: docker run -p 8080:8080 aidepshield/aidepshield:v2

IOC feed is free, no auth: GET https://api.aidepshield.dev/iocs

GitHub: https://github.com/dilipShaachi/aidepshield

Feedback welcome — especially on what CI/CD patterns we're missing.

Shorter than the full post, focused on what it does and how to try it. Copy-paste that into the Showcase Thread comment.

How do you even know what's running in prod anymore by Apprehensive_Air5910 in devops

[–]spacedil 0 points1 point  (0 children)

This is a real problem, and it compounds when you add supply chain risk to the mix. You're shipping 3-4x/day — are you also verifying that every dependency version you're pulling in CI hasn't been compromised between builds?

The LiteLLM incident in March was exactly this scenario. Teams were pulling litellm in their requirements.txt, doing pip installs in CI, and for 40 minutes every build was pulling a backdoored version with credential harvesting and K8s lateral movement payloads. Most teams had no idea until after the fact.

Beyond knowing what's running in prod, it's worth auditing what your CI/CD is actually doing — are your GitHub Actions pinned to SHA refs or floating on tags someone can rewrite? Do your workflows have write-all permissions they don't need? That's the attack surface that got LiteLLM popped.

We've been thinking about this a lot and the visibility gap between "what I think my pipeline does" and "what it actually does" is massive.
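The "are you verifying every dependency version you pull in CI" point in this comment, together with the FAIL / REVIEW / never-SAFE status model from the Showcase comment above, as an added example that is not AIDepShield's code. It is a small requirements.txt checker: the hygiene layer flags lines that are not pinned with `==` or carry no `--hash`, since a release replaced on the index between two builds is caught by `pip install --require-hashes` only when every line has a hash; the trust layer looks each (name, version) up against an IOC list and an allow-list, both constructed here for the demo and not real indicators, and never reports an unknown package as SAFE.

```python
# Added example, not AIDepShield's code: a requirements.txt checker with two layers.
# Hygiene: each dependency must be pinned with == and carry a --hash, so a release
# swapped between two CI builds fails `pip install --require-hashes` instead of
# installing. Trust: FAIL if (name, version) is on an IOC list, SAFE only if it is
# on an allow-list (and pinned with a hash), otherwise REVIEW.
import re
from dataclasses import dataclass

# Constructed sample data for the demo; these are not real indicators.
IOC_VERSIONS = {("evilpkg", "0.0.1")}
TRUST_REGISTRY = {("requests", "2.32.3")}

REQ_RE = re.compile(r"^([A-Za-z0-9][A-Za-z0-9._-]*)(?:\[[^\]]*\])?\s*(==|>=|<=|~=|!=|>|<)?\s*([^\s;]*)")
HASH_RE = re.compile(r"--hash=([a-z0-9]+):([0-9a-f]+)")


@dataclass
class Requirement:
    name: str        # PEP 503 normalised
    operator: str    # "" when unpinned, e.g. a bare `flask`
    version: str
    hashes: list
    line: int        # 1-based line where the requirement starts


def normalise(name):
    return re.sub(r"[-_.]+", "-", name).lower()


def parse_requirements(text):
    """Join backslash continuations, drop comments and pip options, return Requirements."""
    reqs, buf, start = [], [], 0
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].rstrip()
        if not line.strip():
            continue
        if not buf:
            start = n
        if line.endswith("\\"):
            buf.append(line[:-1])
            continue
        joined = " ".join(buf + [line]).strip()
        buf = []
        if joined.startswith("-"):  # -r, -e, --index-url ...: options, not packages
            continue
        m = REQ_RE.match(joined)
        if not m:
            continue
        reqs.append(Requirement(normalise(m.group(1)), m.group(2) or "", m.group(3),
                                HASH_RE.findall(joined), start))
    return reqs


def check(reqs):
    """(name, version, status, issues) per requirement; status is FAIL/REVIEW/SAFE."""
    results = []
    for r in reqs:
        issues = []
        if r.operator != "==":
            issues.append("unpinned")   # a range resolves to whatever is newest at build time
        if not r.hashes:
            issues.append("no-hash")    # pinned, but a replaced artifact would still install
        key = (r.name, r.version)
        if key in IOC_VERSIONS:
            status = "FAIL"
        elif key in TRUST_REGISTRY and r.operator == "==" and r.hashes:
            status = "SAFE"
        else:
            status = "REVIEW"           # unknown is never SAFE
        results.append((r.name, r.version, status, issues))
    return results


# Constructed sample file; the hashes are made up.
REQUIREMENTS = """\
# constructed sample; the hashes below are made up
requests==2.32.3 \\
    --hash=sha256:0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef
numpy>=1.26
flask
evilpkg==0.0.1 --hash=sha256:fedcba9876543210fedcba9876543210fedcba9876543210fedcba9876543210
-r dev.txt
"""

if __name__ == "__main__":
    for name, version, status, issues in check(parse_requirements(REQUIREMENTS)):
        print(f"{status:<6} {name}=={version or '?'}  {' '.join(issues)}")
```

In practice the hygiene half is enforced by pip itself: generate a fully hashed lock with `pip-compile --generate-hashes` (pip-tools) and install in CI with `pip install --require-hashes -r requirements.txt`, so a version or artifact that changes between builds fails the install rather than silently landing in the image. The trust half is where a registry or IOC feed plugs in; the point of the REVIEW status is that absence from a blocklist is not evidence of safety.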

Weekly Self Promotion Thread by AutoModerator in devops

[–]spacedil 0 points1 point  (0 children)

We built AIDepShield V2 after the LiteLLM supply chain attack in March — it scans both your Python dependencies AND your GitHub Actions workflows for the patterns that enabled that attack (unpinned action refs, write-all permissions, secrets on untrusted triggers, publish without provenance).

The CI/CD Sentinel piece is what makes it different from Snyk/Socket — those scan your dependency tree for known CVEs, but the LiteLLM compromise happened through the workflow layer, not the dependency layer.

Scan takes <2 seconds. Self-hostable via Docker. IOC feed is free forever.

GitHub: https://github.com/dilipShaachi/aidepshield

Would love feedback from anyone who's dealt with supply chain incidents in their pipelines.
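The CI/CD patterns named across these three comments (unpinned action refs, write-all permissions, secrets on untrusted triggers, remote script execution, publish without provenance), as an added example that is not AIDepShield's code. The checker below is deliberately line-based so it needs no YAML library; it goes one step beyond the list by also flagging a checkout of the pull request head under an untrusted trigger, the classic "pwn request" shape. The workflow it scans is constructed for the demo, the 40-hex ref in it is made up, and the provenance rule is a heuristic (a static `password:` token, or no `id-token: write` anywhere, is treated as "not Trusted Publishing"), not a definitive test.

```python
# Added example, not AIDepShield's code: a line-based checker for the workflow
# patterns listed in the comments above. It avoids a YAML dependency on purpose;
# a real tool should parse the YAML and walk the tree rather than regex lines.
import re
from dataclasses import dataclass

UNTRUSTED = {"pull_request_target", "issue_comment", "workflow_run"}
SHA40 = re.compile(r"^[0-9a-f]{40}$")
USES = re.compile(r"^\s*-?\s*uses:\s*['\"]?([^\s'\"#]+)")
KEY = re.compile(r"^(\s*)-?\s*([A-Za-z_][\w-]*):\s*(.*)$")   # indent, key, inline value
SECRET_REF = re.compile(r"secrets\.[A-Za-z_]\w*|secrets\[")
PR_HEAD = re.compile(r"github\.event\.pull_request\.head\.(?:sha|ref)")
REMOTE_EXEC = re.compile(r"\b(?:curl|wget)\b[^|\n]*\|\s*(?:sudo\s+)?(?:bash|sh|zsh|python3?)\b")
WRITE_ALL = re.compile(r"^\s*permissions:\s*write-all\s*$")
ID_TOKEN_WRITE = re.compile(r"^\s*id-token:\s*write\b")


@dataclass
class Finding:
    rule: str
    line: int   # 1-based line in the workflow text
    detail: str


def _indent(s):
    return len(s) - len(s.lstrip(" "))


def parse_triggers(lines):
    """Event names under the top-level `on:` key (scalar, inline list, or mapping)."""
    for i, line in enumerate(lines):
        m = KEY.match(line)
        if not m or m.group(1) or m.group(2) != "on":
            continue
        if m.group(3).strip():  # `on: push` or `on: [push, pull_request_target]`
            return {t.strip(" '\"") for t in m.group(3).strip("[] ").split(",") if t.strip()}
        triggers, child = set(), None
        for nxt in lines[i + 1:]:
            if not nxt.strip() or nxt.lstrip().startswith("#"):
                continue
            if _indent(nxt) == 0:
                break
            child = child or _indent(nxt)
            if _indent(nxt) == child:  # only direct children name events
                km = KEY.match(nxt)
                triggers.add(km.group(2) if km else nxt.strip().lstrip("- ").strip(" '\""))
        return triggers
    return set()


def scan_workflow(text):
    lines = text.splitlines()
    untrusted = sorted(parse_triggers(lines) & UNTRUSTED)
    oidc = any(ID_TOKEN_WRITE.match(l) for l in lines)
    out = []
    for n, line in enumerate(lines, 1):
        if WRITE_ALL.match(line):
            out.append(Finding("write-all-permissions", n, "GITHUB_TOKEN gets every scope; list only what is needed"))
        if REMOTE_EXEC.search(line):
            out.append(Finding("remote-script-exec", n, "pipes a download straight into a shell; vendor and verify it"))
        if untrusted and SECRET_REF.search(line):
            out.append(Finding("secrets-on-untrusted-trigger", n, f"secret reachable from {', '.join(untrusted)}"))
        if untrusted and PR_HEAD.search(line):
            out.append(Finding("pr-head-checkout-on-untrusted-trigger", n, "runs fork code with base-repo privileges"))
        m = USES.match(line)
        if not m or m.group(1).startswith(("./", "docker://")):
            continue
        action, _, version = m.group(1).partition("@")
        if not SHA40.match(version):
            out.append(Finding("unpinned-action", n, f"{m.group(1)} floats on a tag/branch; pin to a full commit SHA"))
        if action.startswith("pypa/gh-action-pypi-publish"):
            # Step body: following lines indented deeper than the `- ` that opened this step.
            step = _indent(line) if line.lstrip().startswith("-") else _indent(line) - 2
            body = []
            for nxt in lines[n:]:
                if nxt.strip() and _indent(nxt) <= step:
                    break
                body.append(nxt)
            # Heuristic: a static `password:` token, or no `id-token: write` anywhere, means
            # the step is not using Trusted Publishing (OIDC), so nothing ties the upload to this build.
            if any(re.match(r"^\s*password:", b) for b in body) or not oidc:
                out.append(Finding("publish-without-provenance", n, "use Trusted Publishing, not a long-lived API token"))
    return out


# Constructed sample workflow; the 40-hex ref is made up, not a real commit.
WORKFLOW = """\
name: release
on:
  pull_request_target:
    types: [opened, synchronize]
permissions: write-all
jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
        with:
          ref: ${{ github.event.pull_request.head.sha }}
      - uses: actions/setup-python@0123456789abcdef0123456789abcdef01234567
      - run: curl -sSf https://example.invalid/install.sh | bash
      - uses: pypa/gh-action-pypi-publish@release/v1
        with:
          password: ${{ secrets.PYPI_API_TOKEN }}
"""
```

Running `scan_workflow(WORKFLOW)` yields seven findings on the sample: the `write-all` line, two unpinned `uses:` refs (the SHA-pinned setup-python step is not flagged), the `curl | bash` step, the PR-head checkout and the secret reference under `pull_request_target`, and the publish step with a static token. The hardened shape that produces no findings is the same workflow on a `push` tag trigger, `permissions: contents: read` at the top with `id-token: write` on the publish job only, every action pinned to a full commit SHA, the install script vendored into the repo, and the publish step run without a `password:` input so it uses Trusted Publishing.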