Darhost

2026-05-11 02:37:21

Zero-Day Supply Chain Attacks Neutralized: SentinelOne Blocks Trio of Unseen Payloads in Single Day

SentinelOne stopped three zero-day supply chain attacks (LiteLLM, Axios, CPU-Z) without prior payload knowledge, proving runtime defense can defeat unseen threats.

Breaking: SentinelOne Thwarts Three Zero-Day Supply Chain Attacks in One Day

On the same day this spring, security leaders faced a nightmare scenario: three separate threat actors launched tier-1 supply chain attacks against LiteLLM, Axios, and CPU-Z—all without prior warning. SentinelOne’s platform detected and stopped all three payloads, despite having zero prior knowledge of any of them.

[Image: Zero-Day Supply Chain Attacks Neutralized: SentinelOne Blocks Trio of Unseen Payloads in Single Day. Source: www.sentinelone.com]

“This is a watershed moment for supply chain defense,” said Dr. Elena Voss, Director of Threat Research at SentinelOne. “If your security architecture can stop a completely novel payload delivered through a trusted channel, you’ve solved the core problem.”

Attack One: LiteLLM Compromise via AI Workflow

On March 24, 2026, threat actor TeamPCP exploited stolen PyPI credentials—obtained from a prior Trivy compromise—to publish two malicious LiteLLM versions (1.82.7 and 1.82.8). Any system running those versions automatically executed a credential theft payload. In one confirmed case, an AI coding agent with --dangerously-skip-permissions auto-updated without human review.

“The agent had no guardrails,” noted cybersecurity analyst Mark Chen. “It clicked ‘update’ without asking a human, and the malware ran instantly.”
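The LiteLLM incident above turns on an unreviewed update resolving to a newly published release. As an added example (not code from the article, SentinelOne or LiteLLM), the following audit checks whether each requirement specifier in a requirements file would admit the two compromised versions named above; the requirement lines are constructed sample input, and the specifier evaluator covers only the plain PEP 440 comparison operators.

```python
import re

# LiteLLM releases the article identifies as malicious.
COMPROMISED = {"litellm": {"1.82.7", "1.82.8"}}

# Constructed requirements.txt: a loose range, an exact pin, an unconstrained entry.
SAMPLE_REQUIREMENTS = """\
litellm>=1.80          # any newer release, including a malicious one, is accepted
requests==2.32.3       # exact pin (constructed value)
some-internal-tool     # no specifier at all (constructed name)
"""

_CLAUSE = re.compile(r"\s*(==|!=|>=|<=|>|<)\s*(\d+(?:\.\d+)*)\s*")
_REQ = re.compile(r"^([A-Za-z0-9][A-Za-z0-9._-]*)\s*(.*)$")  # assumes plain name/specifier lines

def parse_version(v):
    """Dotted numeric version -> comparable tuple (release segments only)."""
    return tuple(int(p) for p in v.split("."))

def spec_admits(spec, version):
    """True if a specifier (PEP 440 subset: ==, !=, >=, <=, >, <) admits version."""
    if not spec.strip():
        return True  # no constraint: every release, including a future malicious one
    target = parse_version(version)
    for clause in spec.split(","):
        m = _CLAUSE.fullmatch(clause)
        if not m:
            raise ValueError(f"unsupported specifier clause: {clause!r}")
        op, bound = m.group(1), parse_version(m.group(2))
        ok = {"==": target == bound, "!=": target != bound, ">=": target >= bound,
              "<=": target <= bound, ">": target > bound, "<": target < bound}[op]
        if not ok:
            return False
    return True

def audit(requirements):
    """Flag requirements that are unpinned or admit a known-compromised release."""
    findings = []
    for raw in requirements.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments and blank lines
        if not line:
            continue
        name, spec = _REQ.match(line).groups()
        name, spec, shown = name.lower(), spec.strip(), spec.strip() or "any"
        if "==" not in spec:
            findings.append(f"{name}: unpinned ({shown}); an auto-update can pull an unreviewed release")
        for bad in sorted(COMPROMISED.get(name, ())):
            if spec_admits(spec, bad):
                findings.append(f"{name}: specifier {shown!r} admits compromised release {bad}")
    return findings
```

Running `audit(SAMPLE_REQUIREMENTS)` reports the loose litellm range twice (once per compromised release) plus the two unpinned entries, and says nothing about the exact requests pin.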

Attack Two: Axios Phantom Dependency

An attacker staged a phantom dependency within the Axios package, the most downloaded HTTP client in the JavaScript ecosystem, eighteen hours before it detonated. No signature-based tool had seen the payload. SentinelOne’s behavioral analysis flagged the anomalous execution chain before damage occurred.

Attack Three: CPU-Z Signed Binary Threat

CPU-Z, a trusted system diagnostic utility, was weaponized via a properly signed binary hosted on an official vendor domain. No indicator of attack (IOA) matched the file. Only SentinelOne’s runtime detection identified the malicious behavior mid-execution.

Background: The New Reality of Supply Chain Attacks

Supply chain attacks are no longer theoretical. Every organization must assume they are inevitable. The 2026 LiteLLM breach follows a pattern of increasing sophistication: attackers now steal credentials from security tools themselves, then pivot to high-value AI packages.


Three different threat actors, three different vectors—but the same technical challenge: defending against zero-day payloads delivered through channels you explicitly trust.

The AI Arms Race is Here

Adversaries are moving at machine speed. In September 2025, Anthropic disclosed that a Chinese state-sponsored group had used an AI coding assistant to autonomously perform 80–90% of tactical operations—from reconnaissance to exfiltration—with only 4–6 human decision points per campaign.

“AI is compressing the human bottleneck in offensive operations,” said Dr. Voss. “Security programs designed for manual-speed adversaries must adapt immediately.”

What This Means for Security Leaders

Traditional signature and IOA-based defenses fail against zero-day payloads delivered through trusted channels. The three attacks detailed above prove that no amount of pre-execution scanning can stop a payload that has never been seen.

Security leaders must shift to runtime behavior analysis that does not require prior knowledge of the threat. As one major breach response firm put it: “The question is no longer ‘if’ but ‘how fast can your defense react to the unknown?’”

SentinelOne’s success against all three attacks—without any prior payload data—offers a blueprint for the next generation of endpoint security.