A bad day to use python
I have a story for you that you just might not even believe. Okay, this story is like an M. Night Shyamalan movie. Okay, there's going to be turn after turn after turn. We got three big ones, and the final one, honestly, I'm still kind of tickled by it. I barely laughed when I saw it. I didn't even believe it. I said, "Nope, this has to be fake news." And in fact, it was not fake news. One of the biggest Python packages, one that gets downloaded 97 million times a month, has just been compromised. And when I say compromised, what ends up happening is that if you launch any Python process, you will get everything taken from your computer. I'm talking about every last item: SSH keys, AWS, GCP, Azure creds, Kubernetes configs, git credentials, environment variables, shell history, crypto wallets, SSL private keys, CI/CD secrets, database passwords. We're talking about everything. This vulnerability treated your tokens like Pokémon. Okay, they actually caught all of them.

All right, before we get to the M. Night Shyamalan stuff, we got to do a little bit of that meat and potatoes. A little reading of the friendly manual. What actually happened here? Well, there is a company called LiteLLM. And they provide kind of like this nice little uniform layer to be able to request all the other LLMs. You know, they saw these 14 different standards and decided if they developed a 15th standard, they would make universal access and everything would be better. Somehow the owner of the LiteLLM GitHub repository got compromised, and the hackers were able to push out a version of the software that contained this exfiltration code.

So now we're going to start getting into some of the fun M. Night Shyamalan territory. So, number one, Andrej Karpathy, the one who coined the term vibe coding, claims that the reason why this hack failed: vibe coding. Now, there's actually no evidence for this, but if this were true, this would be the happiest day. This would be the best day in the universe. Okay, this would be so dang funny if that was true. Callum McMahon was using an MCP plugin inside Cursor that pulled in LiteLLM as a transitive dependency. That's right. You don't actually have to install it yourself. If any program you use also installs it, you also get had. And that is because it takes over a special file in Python called a .pth file. Which means when the Python interpreter starts up, it executes this file. And upon executing that file, it actually goes out and grabs all your credentials, double base64 encodes it, and tosses it up to a server. By the way, double base64 encoding, that's double based. Okay, that is the classic hacker signature. When LiteLLM 1.82.8 installed, their machine ran out of RAM and crashed. It turns out that little .pth file apparently spawns itself over and over again, accidentally forkbombing the victim, but it's only on an MCP server. Glorious. Okay. Absolutely glorious. It may have not been vibe coded, but a vibe coder most certainly found the vulnerability. See all those haters out there? All those haters of AI out there don't even realize it's actually vibe coding that's saving you right now. Okay, stop the hate. Now, I do think it's important to remind everybody that package managers are in fact evil. If you wish to read the essay, absolutely fantastic, it's linked in the description.

Okay, so now this is where the M. Night Shyamalan starts getting, uh, real great. So this Callum McMahon fella ends up opening up a ticket on GitHub, and what ends up happening? Well, it turns out this GitHub repository gets absolutely bombarded with AI bot replies, thus attempting to suppress anybody's ability to read the actual issue or to see if any of the owners are going, "Oh, yeah, that's actually really bad." It just turns out there's: Oh, great. Hey, great explanation. Thanks for sharing. Great explanation. Thanks for sharing. Hey, great explanation. Thanks for sharing. Load 59 more. I'm not even sure if GitHub can actually load it. Let's find out. Boom. Chicka boom. Chicka boom. Chicka boom. Load [laughter] the data. All right. Nice. Okay. Actually, I think this is a real person. There we go. Uh, yep. We've been pwned by this. Uh, this is very, very bad. Thousands of people are likely getting pwned right now. So, this is actually pretty dang serious. And then it goes on. Great example. Great example. Great fix. Oh, fantastic. You're the best. I think you're absolutely lovely. Oh, look at this. There's still 363 more.

>> Do you have a just Rust alternative to the LiteLLM? Please,
>> CLAUDE, USE A COMPUTER AND FIX IT. NO MISTAKES.
>> THIS IS WHY I USE RUST.

Always use every opportunity to show Rust, to prove that the owner was effectively compromised almost immediately upon opening the issue. The issue was closed as "not planned" somewhere in the middle of all these bot spam replies. The real terrifying part, though, is just this: all these fake replies. It is something that would fill up so many people's inboxes, they may go investigate and just kind of feel confused on the ticket. And if this would have been done just a little bit snappier, who knows what would have happened. Maybe more of this would have been missed for even longer. And all of these comments may have just caused the collaboration between everybody to kind of fall apart. It's really a unique way of just adding friction that never even crossed my mind as possible.

All right, hold on. Let me take off my trad. It's time to get the vibes going. Okay, you know why? Because of the last M. Night Shyamalan turn to this story. Now, I'm going to show you something and maybe it won't make a lot of sense. Do you see it? Do you see what's wrong with this picture of the website? How about now? Do you see it now? SOC 2 Type 1, secured by Delve. ISO 27001, secured by Delve. But what is Delve? Well, it is AI-native compliance. I don't know what that means, but apparently it's keeping your CISO out of jail via the power of AI. And what makes this even better, this entire story even better, is that the open-source software whose owner got compromised due to some lack of security, some lapse in judgment, is secured with their compliance by a company that is currently being accused of misleading their customers with fake compliance reports. [laughter]

This is just, it just, it can't, it can't actually get any funnier than this. And both LiteLLM and Delve ARE BACKED BY Y COMBINATOR. IT'S JUST A, OH MY GOSH, it's just, life is art but unknown to thee. Absolutely hilarious. Now, if these alleged fakings of SOC 2 compliance reports are to be believed and end up turning out to be true with Delve, it would actually mean that LiteLLM is falling apart on the open-source side and their SOC 2 compliance may not even be real. But at the end of the day, this hack actually caused a lot of problems. There's a lot of people that are suffering from it. We are in contact with the actor behind Trivy, which, by the way, this is actually the second attack in this ecosystem, and the LiteLLM hack. They told us they're currently extorting several multi-billion dollar companies from which they exfiltrated data. They've obtained 300 GB of compressed credentials and are working their way through them as we speak. The LiteLLM compromise alone led to a half million stolen credentials, according to the threat actor. Their message to the world: Team PCP is here to stay. Long live the supply chain. They also have a lovely little logo right here.

Now, if you happen to be someone who uses LiteLLM or uses a package that relies on LiteLLM, I would highly recommend rotating those keys, because let's just face it, they came for your SSH keys. They came for your database passwords. They came for your M, your AWS, your Azure credentials, your Kubernetes. They came for everything. They came even for your husbands. You got to hide everything from them because they're taking everybody's keys around here. The name. This, this is why, again, stop using Python. Okay. Gross language. Ew. Ew. I mean, I guess I really can't, I honestly can't even make fun of Python. I often use TypeScript. So I mean, what, what am I, I'm literally throwing stones from a glass house at this point.

A gen. Hey, do you want to learn how to code? Do you want to become a better backend engineer? Well, you got to check out boot.dev. Now, I personally have made a couple of courses for them. I have free live walkthroughs of the whole course available on YouTube. Everything on boot.dev you can go through for free. But if you want the gamified experience, the tracking of your learning and all that, then you got to pay up the money. But hey, go check them out. It's awesome. Many content creators you know and you like make courses there. boot.dev/prime for 25% off.
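The video explains that the payload lived in a .pth file, which the interpreter runs at startup. That works because CPython's site.py exec()s any .pth line that begins with "import " (or "import" plus a tab). Below is an added auditing script, not code from the video or from LiteLLM, that lists every such executable line across the running interpreter's site-packages directories and flags watch-list tokens in them. The token list is an assumption of this example (a rough heuristic, not a vetted signature), and legitimate packages such as setuptools and virtualenv do ship .pth import lines, so every hit needs a human look rather than automatic deletion.

```python
"""Audit .pth files for lines that site.py will exec() at interpreter start."""
import site
import sys
from pathlib import Path

# Heuristic watch-list (assumption of this example): tokens common in a
# credential-stealing startup hook but rare in a legitimate path-setup shim.
SUSPICIOUS_TOKENS = ("base64", "exec(", "eval(", "subprocess", "urllib",
                     "socket", "requests", "os.environ", "expanduser")


def executable_pth_lines(text: str) -> list[str]:
    """Return the lines of a .pth file that site.py would pass to exec()."""
    hits = []
    for raw in text.splitlines():
        line = raw.rstrip()
        if not line or line.startswith("#"):
            continue  # blank lines and comments are ignored by site.py
        # site.py only executes lines starting with 'import ' or 'import\t';
        # anything else is treated as a directory to add to sys.path.
        if line.startswith(("import ", "import\t")):
            hits.append(line)
    return hits


def suspicious_tokens(line: str) -> list[str]:
    """Which watch-list tokens appear in one executable .pth line."""
    return [tok for tok in SUSPICIOUS_TOKENS if tok in line]


def audit_pth_dirs(dirs) -> dict[str, list[tuple[str, list[str]]]]:
    """Map each .pth path to its exec'd lines and the tokens flagged in them."""
    findings = {}
    for d in dirs:
        for pth in sorted(Path(d).glob("*.pth")):
            try:
                lines = executable_pth_lines(pth.read_text(errors="replace"))
            except OSError:
                continue  # unreadable file: skip, but do not abort the audit
            if lines:
                findings[str(pth)] = [(l, suspicious_tokens(l)) for l in lines]
    return findings


if __name__ == "__main__":
    # Both the global and the per-user site-packages are honoured at startup.
    dirs = site.getsitepackages() + [site.getusersitepackages()]
    for path, entries in audit_pth_dirs(dirs).items():
        for line, toks in entries:
            print(("!! " if toks else "   ") + f"{path}: {line[:100]}")
```

Run it with the same interpreter (or virtualenv) that the suspect package was installed into; lines marked "!!" are the ones to inspect first.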
A critical Python package, LiteLLM, downloaded 97 million times monthly, was compromised, leading to the exfiltration of sensitive data like SSH keys, cloud credentials, and crypto wallets from affected systems. The attack occurred after the LiteLLM GitHub repository owner's account was breached, allowing malicious code to be pushed. The hack involved several surprising turns, including a claim that it failed for some due to "vibe coding" causing a forkbomb, a GitHub issue being spammed by AI bots to suppress visibility, and the revelation that LiteLLM's compliance provider, Delve, is accused of providing fake compliance reports. The attackers, "Team PCP," have reportedly stolen 300 GB of compressed credentials, including half a million from LiteLLM alone, and are extorting multi-billion dollar companies. Users are strongly advised to rotate their keys.