LiteLLM supply chain attack

Incident Report for Dropzone AI

Resolved

On March 24, 2026, a malicious version of the open-source LiteLLM package (litellm versions 1.82.7 / 1.82.8) was publicly reported. Dropzone AI immediately investigated potential impact across our environments.

We can confirm that Dropzone AI was not affected. The vulnerable package was not present in our systems, and no indicators of compromise, unauthorized access, or data exposure were identified.

As a precaution, we performed additional validation across our infrastructure and initiated credential rotation for sensitive systems. There is no impact to customer data or services, and no action is required.

We will continue monitoring for any related developments.
Posted Mar 24, 2026 - 14:23 PDT

Investigating

Dropzone is aware of a supply chain attack in recent versions of the Python LiteLLM package. Dropzone does incorporate LiteLLM as part of its toolset.

Our initial investigation shows that we have exclusively been on non-vulnerable versions of this package. We will continue to monitor the situation and take any actions necessary to maintain system security and protect the data of our customers.

We anticipate final analysis by end of day and will update this incident accordingly.
Posted Mar 24, 2026 - 09:12 PDT
This incident affected: Dropzone Instances.