LiteLLM PyPI compromise
Preventing the LiteLLM PyPI compromise
LiteLLM 1.82.7 and 1.82.8 stole local credentials. Automic Vault would have prevented the workstation credential theft phase.
Read the incident post
Automic Vault Blog
Practical notes on local tooling, agent-ready package packs, and the security layer below the prompt.
Bitwarden CLI npm compromise
The compromised Bitwarden CLI npm package used install-time code to steal developer secrets. Automic Vault would have stopped the local theft.
Read the incident post
TanStack npm compromise
TanStack packages were poisoned through trusted publishing, then stole local secrets. Automic Vault would have prevented the endpoint theft.
Read the incident post
node-ipc npm backdoor
The node-ipc backdoor ran on module load and exfiltrated secrets over DNS. Automic Vault would have prevented useful credential theft.
Read the incident post
Nx Console VS Code compromise
Nx Console 18.95.0 stole local developer credentials from editor sessions. Automic Vault would have stopped the local secret access.
Read the incident post
durabletask PyPI compromise
Malicious durabletask PyPI releases fetched rope.pyz and stole cloud and developer secrets. Automic Vault would have blocked the local theft path.
Read the incident post
GitHub employee device breach
A poisoned VS Code extension reached a GitHub employee device. Automic Vault would have prevented local credentials from becoming repository access.
Read the incident post
Agentic Toolkit
The first Automic Vault pack gathers media processing, image work, runtimes, search, shell, build, OCR, metadata, and document conversion tools into one installable set.
Read the post