security: pin litellm to 1.82.6 to avoid TeamPCP supply chain compromise #393

@trojan0x

Summary

`pyproject.toml` currently declares `litellm>=1.69.1`, which resolves to the latest available version on install. Versions 1.82.7 and 1.82.8 of `litellm` were compromised in a supply chain attack discovered on March 24, 2026 by threat actor group TeamPCP.

What the malware does

The compromised packages include a `litellm_init.pth` file that executes automatically on every Python process startup — no `import litellm` needed. The payload:

  1. Credential harvester — sweeps SSH keys, cloud credentials, Kubernetes secrets, `.env` files, and crypto wallets
  2. Kubernetes lateral movement — deploys privileged pods to every node
  3. Persistent backdoor — installs a `sysmon.service` systemd service

Impact on morphik-core

Any environment that did a fresh install of morphik-core and resolved `litellm>=1.69.1` to `1.82.7` or `1.82.8` should be considered fully compromised. This includes all LLM provider API keys (Anthropic, OpenAI, Google, etc.) and cloud credentials.

Recommended fix

Pin litellm to the last known-safe version in `pyproject.toml`:

```toml
# Before
"litellm>=1.69.1",

# After
"litellm==1.82.6",
```

I'm happy to open a PR for this if maintainers agree.
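
A triage check for the indicators named in this issue, added here as an example (it is not code from the issue author or from morphik-core). It reports whether the installed `litellm` is one of the two listed versions and lists every `.pth` file in the interpreter's site directories that contains lines `site.py` would execute at startup; the function names are hypothetical, and the sample files used to exercise it are constructed.

```python
import site
import sysconfig
from importlib import metadata
from pathlib import Path

BAD_VERSIONS = {"1.82.7", "1.82.8"}  # versions named in the issue
PTH_NAME = "litellm_init.pth"        # file name named in the issue

def site_dirs():
    """Existing directories whose .pth files are processed at interpreter startup."""
    paths = sysconfig.get_paths()
    dirs = {paths["purelib"], paths["platlib"]}
    dirs.update(getattr(site, "getsitepackages", lambda: [])())
    dirs.add(site.getusersitepackages())
    return sorted(Path(d) for d in dirs if Path(d).is_dir())

def executable_pth_lines(pth):
    """site.py executes any .pth line that starts with 'import' plus space or tab."""
    text = Path(pth).read_text(errors="replace")
    return [ln for ln in text.splitlines() if ln.startswith(("import ", "import\t"))]

def scan(dirs):
    """Map each .pth file that runs code, or matches PTH_NAME, to its executable lines."""
    findings = {}
    for d in dirs:
        for pth in sorted(Path(d).glob("*.pth")):
            lines = executable_pth_lines(pth)
            if lines or pth.name == PTH_NAME:
                findings[str(pth)] = lines
    return findings

def litellm_status(version=None):
    """Classify the installed (or supplied) litellm version against the issue's list."""
    if version is None:
        try:
            version = metadata.version("litellm")
        except metadata.PackageNotFoundError:
            return "not-installed"
    return "compromised" if version in BAD_VERSIONS else "not-listed"

if __name__ == "__main__":
    print("litellm:", litellm_status())
    for path, lines in scan(site_dirs()).items():
        tag = "MATCH" if Path(path).name == PTH_NAME else "review"
        print(f"[{tag}] {path}: {len(lines)} executable line(s)")
```

Entries tagged `review` are not necessarily malicious, since some legitimate packages and editable installs also ship `.pth` files with `import` lines. A `MATCH`, or a `compromised` status, means the environment falls under the impact described above.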
