LiteLLM Was Compromised. That's Why I'm Building GoModel

By Santiago de Polonia

Tags: ai, performance, opensource, security

LiteLLM just had a serious supply chain incident.

According to the public GitHub reports, malicious PyPI versions of LiteLLM were published, including 1.82.8, with code that could run automatically on Python startup and steal secrets like environment variables, SSH keys, and cloud credentials. The reported payload sent that data to an attacker-controlled domain. A follow-up issue says the PyPI package was compromised through the maintainer's PyPI account, and that the bad releases were not shipped through the official GitHub CI/CD flow.
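For checking an environment against what is described above, here is an added example (not code from LiteLLM, GoModel or the incident reports). It lists the files Python runs automatically at startup in each site-packages directory and flags the one version this post names. The post does not say which startup mechanism the payload used; `.pth` import lines and `sitecustomize.py`/`usercustomize.py` are the standard ones the `site` module processes, and checking them is an assumption of this sketch.

```python
import sys
from importlib import metadata
from pathlib import Path

# Only the version named in this post; the post says "including", so the list is not complete.
REPORTED_BAD = {"litellm": {"1.82.8"}}
HOOK_MODULES = ("sitecustomize.py", "usercustomize.py")


def executable_pth_lines(pth_path):
    """Return the lines of a .pth file that site.py would exec() at startup."""
    text = Path(pth_path).read_text(encoding="utf-8", errors="replace")
    # site.py executes any line that starts with "import" followed by a space or tab.
    return [ln for ln in text.splitlines() if ln.startswith(("import ", "import\t"))]


def audit_dir(site_dir):
    """List startup hooks in one site-packages directory as (path, detail) pairs."""
    root = Path(site_dir)
    findings = []
    for pth in sorted(root.glob("*.pth")):
        for line in executable_pth_lines(pth):
            findings.append((str(pth), line[:120]))
    for name in HOOK_MODULES:
        if (root / name).is_file():
            findings.append((str(root / name), "imported automatically at startup"))
    return findings


def is_reported_bad(name, version):
    """True if this name/version pair is one the post reports as malicious."""
    return version in REPORTED_BAD.get(name.lower(), set())


def installed_bad_versions():
    """Return reported-bad (name, version) pairs installed in this environment."""
    hits = []
    for name in REPORTED_BAD:
        try:
            version = metadata.version(name)
        except metadata.PackageNotFoundError:
            continue
        if is_reported_bad(name, version):
            hits.append((name, version))
    return hits


if __name__ == "__main__":
    for d in (p for p in sys.path if p.endswith("site-packages")):
        for path, detail in audit_dir(d):
            print(f"[startup hook] {path}: {detail}")
    for name, version in installed_bad_versions():
        print(f"[reported bad] {name}=={version}")
```

Legitimate packages also ship `.pth` files with import lines, so each finding is something to review against the package that installed it, not proof of compromise.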

This is bigger than one package. It is a reminder that the AI infra layer is now part of your security boundary.

That is one reason I'm building GoModel: a faster, simpler alternative to LiteLLM, written in Go. My goal is straightforward - less complexity, smaller attack surface, and better performance for teams that want a reliable LLM gateway.

You can check it out here: https://github.com/ENTERPILOT/GOModel/