Home / Security updates / Datadog’s Response to the LiteLLM PyPI Package Compromise
Datadog’s Response to the LiteLLM PyPI Package Compromise
Security updates detail rendered from /security-updates/upd_91364a65263473c4.
Overview
| ID | upd_91364a65263473c4 |
| Collection | Security Updates |
| Provider | SafeBase |
| Company | Datadog |
| URL | - |
| Counts | - |
| Updated | - |
Raw record
| Field | Value |
|---|---|
| id | upd_91364a65263473c4 |
| providerId | safebase |
| organizationId | org_69291cebe8d5d66e |
| trustCenterId | tc_3aed993e7dda3cf3 |
| title | Datadog’s Response to the LiteLLM PyPI Package Compromise |
| message | We are aware of the recently disclosed malicious LiteLLM PyPI packages (versions 1.82.7 and 1.82.8) and have investigated Datadog’s potential exposure. We are also following closely the activity of this threat actor group and its potential impact on the supply chain of Datadog software. Our exposure was limited to a build pipeline for a single internal project. We have contained the affected systems, and determined that the malicious activity was interrupted before any data exfiltration occurred. We have identified no impact to customer environments or customer data. For clarity, while Datadog offers a LiteLLM monitoring integration package as part of the Datadog Agent integrations, the Datadog Agent does not bundle the compromised LiteLLM PyPI package as a dependency. The Datadog Agent and this integration are therefore not affected by this issue. |
| url | - |
| publishedAt | 2026-03-25 |
| source | {
"field": "statuspage/public/compliance-update",
"category": "incidents"
} |
| company | {
"id": "org_69291cebe8d5d66e",
"name": "Datadog",
"domains": [
"trust.datadoghq.com",
"datadoghq.com"
]
} |
| trust_center | {
"id": "tc_3aed993e7dda3cf3",
"name": "Datadog",
"url": "https://trust.datadoghq.com",
"host": "trust.datadoghq.com"
} |
| provider | {
"id": "safebase",
"name": "SafeBase"
} |
| links | {
"self": "/v1/security-updates/upd_91364a65263473c4",
"company": "/v1/companies/org_69291cebe8d5d66e",
"trust_center": "/v1/trust-centers/tc_3aed993e7dda3cf3",
"provider": "/v1/providers/safebase"
} |
Get this page with API
Rendered from the bluedoor Trust Centers API. Reproduce it:
GET https://api.bluedoor.sh/trust-centers/v1/security-updates/upd_91364a65263473c4JSON