You Patched LiteLLM, But Do You Know Your AI Blast Radius?

Blog post from Snyk

Post Details
Company: Snyk
Author: Rudy Lai
Word Count: 1,329
Language: English
Summary

A recent incident involving LiteLLM, a widely used open-source package in the AI ecosystem, highlighted the complexities of modern AI systems and the limitations of traditional security measures. LiteLLM, a model gateway facilitating communication with over 100 LLM providers, was compromised with credential-stealing malware, affecting numerous downstream users, including AI recruiting startup Mercor, which suffered large-scale data exfiltration. This event underscores that the risk in AI systems often extends beyond a vulnerable dependency to encompass the entire execution path and the interconnections it facilitates. The compromised LiteLLM demonstrated that understanding AI system behavior requires visibility into how dependencies interact with model providers, tools, and agent workflows, a gap that traditional Software Composition Analysis (SCA) tools may not fully address. Evo AI-SPM is proposed as a solution to provide a comprehensive view of AI systems by mapping dependencies, identifying model gateways, and revealing the broader context of how AI components are utilized, thus enabling more effective governance and risk management.