Kong Security Update: Kong Is Not Affected by the PyPI-Distributed LiteLLM Supply Chain Attack
Blog post from Kong
Kong assures its customers that it is unaffected by the recently publicized PyPI LiteLLM incident, because it does not use LiteLLM in its runtime stack. LiteLLM versions 1.82.7 and 1.82.8, distributed via PyPI, contained a malicious script capable of stealing credentials from the environments where the package was installed. While Kong's products are not impacted, organizations using LiteLLM independently should treat any environment in which either of these versions was installed with pip install as potentially compromised. Other popular projects, such as CrewAI and Camel-AI, might also be affected if installations occurred during a specific four-hour window. For further inquiries about Kong's security or AI infrastructure, customers are encouraged to contact their Kong account team or the security team via email.