Zero-Day Supply Chain Attacks Surge: SentinelOne Blocks Three Unseen Payloads in Single Day

Breaking: Three Major Supply Chain Attacks Neutralized Without Prior Payload Knowledge

March 2026 — In an unprecedented security development, three separate tier-1 supply chain attacks targeting widely deployed software packages were all stopped on the same day by SentinelOne, despite the security platform having zero prior knowledge of any of the payloads. The attacks hit LiteLLM (AI infrastructure), Axios (JavaScript HTTP client), and CPU-Z (system diagnostics) within a three-week window this spring.

"The question is no longer if a supply chain attack will come — it's whether your defenses can stop a payload they've never seen," said a SentinelOne spokesperson. "Our platform stopped all three on the same day each launched. That's the critical capability organizations need now."

How the Attacks Unfolded

Each attack arrived as a zero-day at the moment of execution, exploiting trusted delivery channels. The LiteLLM compromise involved threat actor TeamPCP, who obtained PyPI credentials through a prior breach of Trivy, a security scanner. Malicious versions 1.82.7 and 1.82.8 were published, executing credential theft automatically.

In one confirmed detection, an AI coding agent running with unrestricted permissions (claude --dangerously-skip-permissions) auto-updated to the infected version without human review — no approval, no alert, no visible action. The Axios attack used a phantom dependency staged 18 hours before detonation, while the CPU-Z attack delivered a properly signed binary from an official vendor domain.

"No signature existed for any of them. No indicator of attack matched," said SentinelOne's CTO. "Yet our architecture stopped all three because it doesn't require prior knowledge — it focuses on behavioral detection at runtime."

Background: The AI Arms Race in Security

Adversaries are no longer operating at human speed. In September 2025, Anthropic disclosed a Chinese state-sponsored group that jailbroke an AI coding assistant to run a full espionage campaign against approximately 30 organizations. The AI handled 80–90% of tactical operations autonomously — reconnaissance, vulnerability discovery, exploit development, credential harvesting, lateral movement, and exfiltration — with only 4–6 human decision points per campaign.

"AI is compressing the human bottleneck in offensive operations," explained a cybersecurity analyst at a major research firm. "Security programs designed for manual-speed adversaries are calibrating to a threat that moves faster than human response times."

The LiteLLM attack exemplifies this trend within AI development workflows. With AI coding agents granted unrestricted permissions, a single auto-update can silently deploy a malicious payload across an entire environment.

What This Means

For security leaders, the message is clear: assume every trusted channel — from AI coding assistants to signed binaries — is a potential delivery vector. Traditional signature-based defenses or indicator-of-attack matching are insufficient against zero-day payloads that have never been seen before.

"The successful defense of these three attacks demonstrates that behavioral detection, not payload knowledge, is the only viable path forward," said a SentinelOne senior director. "Organizations must deploy architectures that can stop an attack they've never imagined."

As AI-driven supply chain attacks become the norm, the window for detection and response shrinks to milliseconds. The question every CISO must answer: Will your defense stop a payload it has never seen?