
[Security Advisory] LiteLLM supply chain compromise - update to latest ADK Python #5005

@koverholt

What happened?

We identified unauthorized code in LiteLLM versions 1.82.7 and 1.82.8 on Python Package Index (PyPI) that could be used to obtain sensitive credentials, including SSH keys, cloud provider credentials, and Kubernetes configuration files.

The LiteLLM package is an opt-in dependency that is installed from PyPI when you install either the eval or the extensions extra of Agent Development Kit (ADK) Python. The affected versions of LiteLLM were available for download from PyPI on Tuesday, March 24, 2026, between 10:39 UTC and 16:00 UTC.

We confirmed that the affected code has been taken down from the Python Package Index (PyPI). To avoid errors when installing ADK with the eval or extensions extras, we released new versions of ADK Python that are pinned to a known unaffected version of LiteLLM.

For more information on this issue, see LiteLLM's security blog post: Security Update: Suspected Supply Chain Incident.

Is there anything I need to do as a result of this issue?

Yes, we recommend you immediately take the following actions:

  1. Check if your environments are affected: Determine whether LiteLLM is installed in each of your environments, and which version, by running pip show litellm (the Version line). If you installed or ran LiteLLM 1.82.7 or 1.82.8, proceed to the following steps. Refer to LiteLLM's security update blog post for additional details on indicators of compromise.

If you installed or ran LiteLLM 1.82.7 or 1.82.8:

  1. Rotate credentials: Rotate all secrets, API keys, SSH keys, and service account keys that were present in any environment where an affected LiteLLM version was installed or run; environments that never had those versions do not require rotation. We also recommend that you take appropriate steps to investigate and protect any infrastructure reachable with those credentials.

  2. Update ADK: If you use ADK Python with the eval or extensions extras that include LiteLLM, update to the latest version of ADK (which will install a version of LiteLLM that predates the compromised releases) by running:

    pip install -U "google-adk[eval]"
    

    or:

    pip install -U "google-adk[extensions]"
    
  3. Update LiteLLM: If you use LiteLLM directly, pin it explicitly to a version that predates the compromised releases (e.g., 1.82.6 or earlier) rather than installing whatever release is latest, or update to a later verified release once announced by LiteLLM.

  4. Assess impact: Inspect any environment where credentials were exposed. Refer to LiteLLM's security update blog post for additional steps and information.
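The following script carries out the "check if your environments are affected" step above against both the running interpreter and a requirements or lock file. It is an added example written for this advisory, not code from the google-adk project or from LiteLLM. It uses only the standard library: importlib.metadata reports the installed version (the same value pip show litellm prints on its Version line), and a small regex finds litellm==... pins. The sample lock file at the bottom is constructed for the demonstration, and the google-adk version in it is a placeholder, not a real pin.

```python
"""Added example (not part of the ADK advisory or the google-adk project):
check whether the current Python environment, or a requirements/lock file,
contains one of the compromised LiteLLM releases named in the advisory."""
from __future__ import annotations

import re
import sys
from importlib import metadata

# Releases the advisory identifies as containing unauthorized code.
AFFECTED_LITELLM_VERSIONS = frozenset({"1.82.7", "1.82.8"})

# Matches pip requirement lines such as "litellm==1.82.7" or
# 'LiteLLM == 1.82.7 ; python_version >= "3.9"  # comment'.
_PIN_RE = re.compile(
    r"^\s*litellm\s*==\s*(?P<version>[0-9][0-9A-Za-z.\-+]*)", re.IGNORECASE
)


def is_affected_version(version: str) -> bool:
    """True if `version` is one of the compromised LiteLLM releases."""
    return version.strip() in AFFECTED_LITELLM_VERSIONS


def installed_litellm_version() -> str | None:
    """Version of litellm installed in this interpreter's environment, or None.

    Equivalent to reading the Version line of `pip show litellm`.
    """
    try:
        return metadata.version("litellm")
    except metadata.PackageNotFoundError:
        return None


def affected_pins(requirements_text: str) -> list[tuple[int, str]]:
    """Return (line_number, version) for every litellm pin to an affected release.

    Works on `pip freeze` output, requirements.txt, or pip-compile lock files.
    Lines that pin litellm to a different version are ignored. Ranges such as
    "litellm>=1.82" are not resolved here: for those, the installed version
    is what matters, and installed_litellm_version() reports it.
    """
    hits: list[tuple[int, str]] = []
    for lineno, line in enumerate(requirements_text.splitlines(), start=1):
        m = _PIN_RE.match(line)
        if m and is_affected_version(m.group("version")):
            hits.append((lineno, m.group("version")))
    return hits


def check_environment() -> int:
    """Print a verdict for the running environment; return 1 if affected."""
    version = installed_litellm_version()
    if version is None:
        print("litellm is not installed in this environment")
        return 0
    if is_affected_version(version):
        print(f"litellm {version} is a compromised release: "
              "rotate credentials and reinstall an unaffected version")
        return 1
    print(f"litellm {version} is not one of the affected releases")
    return 0


# Constructed sample lock file for the demonstration (not real project data;
# the google-adk version here is a placeholder).
SAMPLE_LOCK = """\
google-adk==1.2.0
litellm==1.82.7
LiteLLM == 1.82.6  # older pin, not affected
litellm==1.82.8 ; python_version >= "3.9"
"""

if __name__ == "__main__":
    for lineno, ver in affected_pins(SAMPLE_LOCK):
        print(f"sample lock line {lineno}: pins compromised litellm {ver}")
    sys.exit(check_environment())
```

Run it inside each virtual environment or container image you want to assess; a non-zero exit status means the compromised release is installed there and the rotation step applies. To scan a real lock file, pass its contents to affected_pins instead of SAMPLE_LOCK.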

Labels: models [Component] Issues related to model support