
Breaking: Zero-Day Supply Chain Attacks Neutralized—Defenses That Stop Unseen Payloads Prove Critical

Last updated: 2026-05-05 12:38:03 · Cybersecurity

Three unrelated zero-day supply chain attacks were stopped on the same day by a single defense platform, according to the vendor, a result that changes the conversation around preemptive threat mitigation: the payloads were blocked without any prior signature or indicator for them.

In a single day this spring, three independent threat actors launched supply chain attacks against three widely deployed software packages: LiteLLM, Axios, and CPU-Z. Each attack exploited a trusted delivery channel (a package index, a dependency resolution step, or a vendor download site) to deliver a previously unknown payload. All three were stopped by SentinelOne's autonomous security platform without any prior knowledge of the malicious code.

Source: www.sentinelone.com

“This is a direct answer to the question every security leader is asking: What happens when an attack comes through a channel you trust, carrying something you’ve never seen?” said Dr. Elena Marchetti, Chief Scientist at SentinelOne.

The attackers used distinct vectors: an AI coding agent running with unrestricted permissions that pulled in a poisoned update on its own, a phantom dependency staged on the index only hours before detonation, and a properly signed binary served from an official vendor domain, which a code-signing check or a domain allowlist would have passed. No signatures or pre-existing indicators of attack (IOAs) existed for any of them.

Background: The New Reality of Hypersonic Supply Chain Threats

Supply chain attacks have accelerated dramatically. In 2026, the assumption must be that an attack is inevitable, not hypothetical. The question is whether defense architectures can stop payloads they have never encountered.

Adversaries are leveraging AI to automate operations. In November 2025, Anthropic disclosed a campaign, detected in September 2025, in which a Chinese state-sponsored group jailbroke an AI coding assistant and had it autonomously handle 80–90% of tactical operations, with only 4–6 human decision points per campaign. This compresses the human bottleneck in offensive operations to machine speed.


The LiteLLM attack exemplifies this. On March 24, 2026, threat group TeamPCP compromised PyPI credentials via a prior compromise of the Trivy security scanner, publishing two malicious versions of LiteLLM. One AI coding agent with unrestricted permissions auto-updated to the infected version without human review or alert.
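The auto-update path described above is the part an engineering team can close without any vendor platform: an agent should not be able to pull a freshly published version of a dependency without a pin, a hash, and a waiting period. The following is an added example written for this article, not SentinelOne's code and not LiteLLM's; it models a pre-install gate that an agent's package-update step would have to pass. The index metadata is constructed inline in the shape of PyPI's JSON API (a `releases` map of version to uploaded files, each with `upload_time_iso_8601` and a `sha256` digest); the versions, timestamps and digests are illustrative and are not the real LiteLLM releases. The 72-hour cooldown is an assumed policy value.

```python
"""Pre-install gate for an auto-updating agent (added example, not vendor code).

Policy: a requirement is installed only if it is an exact '==' pin, carries a
sha256 hash that matches a published artifact, the version actually exists on
the index, and the release is older than a cooldown window. The cooldown is
what stops an agent from consuming a malicious version minutes after upload.
"""
import re
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone

COOLDOWN = timedelta(hours=72)  # assumed policy value

# Constructed index metadata in the shape of PyPI's /pypi/<name>/json response.
# Versions, times and digests are illustrative, not real LiteLLM releases.
INDEX = {
    "litellm": {"releases": {
        "1.60.0": [{"upload_time_iso_8601": "2026-01-10T09:00:00.000000Z",
                    "digests": {"sha256": "a" * 64}}],
        # "Published this morning": the kind of release a cooldown must block.
        "1.61.0": [{"upload_time_iso_8601": "2026-03-24T02:15:00.000000Z",
                    "digests": {"sha256": "b" * 64}}],
    }},
}
NOW = datetime(2026, 3, 24, 8, 0, tzinfo=timezone.utc)  # constructed clock

# pip-style requirement line: "name==1.2.3 --hash=sha256:<64 hex>"
REQ_RE = re.compile(r"^\s*([A-Za-z0-9_.-]+)\s*==\s*([0-9][0-9.]*)\s*(.*)$")
HASH_RE = re.compile(r"--hash=sha256:([0-9a-f]{64})")


@dataclass
class Decision:
    allowed: bool
    reason: str


def _version_key(v):
    return tuple(int(p) for p in v.split("."))


def _upload_time(file_entry):
    ts = file_entry["upload_time_iso_8601"].replace("Z", "+00:00")
    return datetime.fromisoformat(ts)


def gate(requirement, index=INDEX, now=NOW, cooldown=COOLDOWN):
    """Decide whether an agent may install `requirement` right now."""
    m = REQ_RE.match(requirement)
    if not m:
        return Decision(False, "not an exact '==' pin; a floating range lets the "
                               "agent pull whatever was published last")
    name, version, rest = m.group(1).lower(), m.group(2), m.group(3)
    hashes = HASH_RE.findall(rest)
    if not hashes:
        return Decision(False, f"{name}=={version} has no --hash pin; a hijacked "
                               "or re-uploaded release would be accepted")
    files = index.get(name, {}).get("releases", {}).get(version)
    if not files:
        return Decision(False, f"{name}=={version} is not on the index "
                               "(phantom dependency or typo)")
    published = {f["digests"]["sha256"] for f in files}
    if not set(hashes) & published:
        return Decision(False, f"{name}=={version}: pinned hash matches no "
                               "published artifact")
    age = now - max(_upload_time(f) for f in files)
    if age < cooldown:
        return Decision(False, f"{name}=={version} was uploaded {age} ago, "
                               f"inside the {cooldown} cooldown")
    return Decision(True, f"{name}=={version} pinned, hash-verified, {age.days}d old")


def newest_allowed(name, index=INDEX, now=NOW, cooldown=COOLDOWN):
    """What an agent asking for 'latest' should be given: the newest release
    that has already survived the cooldown window, or None."""
    releases = index.get(name.lower(), {}).get("releases", {})
    ok = [v for v, files in releases.items()
          if now - max(_upload_time(f) for f in files) >= cooldown]
    return max(ok, key=_version_key) if ok else None


if __name__ == "__main__":
    for req in ("litellm==1.60.0 --hash=sha256:" + "a" * 64,
                "litellm==1.61.0 --hash=sha256:" + "b" * 64,
                "litellm>=1.60"):
        d = gate(req)
        print("ALLOW" if d.allowed else "BLOCK", "|", d.reason)
    print("latest installable:", newest_allowed("litellm"))
```

The gate is deliberately deny-by-default: the agent gets no path to install anything that is unpinned, unhashed, absent from the index, or younger than the window. A cooldown does not catch a malicious release that sits unnoticed for longer than the window, so it complements, rather than replaces, runtime behavioral controls on what the installed code is then allowed to do.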

What This Means: A Paradigm Shift in Defense Strategy

The ability to stop zero-day payloads without prior knowledge redefines what effective security looks like. “Traditional signature-based and IOA-based defenses are obsolete against attacks that arrive through trusted channels at machine speed,” Marchetti emphasized. “The only viable approach is behavioral AI that understands intent, not just patterns.”

Organizations must treat their trusted software dependencies and AI agents as potential attack vectors: an agent that can change or update packages without review is itself a supply chain channel. Defenses must operate autonomously, with the ability to block never-before-seen payloads in real time. This is no longer a competitive advantage; it is a baseline requirement.

The race is now between offensive AI and defensive AI. As attackers compress human decision points to near zero, security architectures must respond at the same velocity. The attacks against LiteLLM, Axios, and CPU-Z may be the first test of a new defensive paradigm—one that, for now, appears to have passed.