Zero-Day Supply Chain Attacks Neutralized: SentinelOne Stops Three Major Breaches in Single Day
Breaking: AI-Driven Defense Thwarts Unprecedented Supply Chain Attacks
In a dramatic escalation of the cyber threat landscape, SentinelOne's autonomous security platform intercepted three distinct zero-day supply chain attacks on the same day—each delivered through trusted channels with never-before-seen payloads. The attacks targeted LiteLLM, Axios, and CPU-Z, all widely deployed software components.

“Our defense architecture doesn't rely on knowing the payload. It analyses behavior in real-time,” said Dr. Jane Chen, VP of Threat Research at SentinelOne. “These attacks arrived as complete unknowns—no signatures, no indicators of attack—yet the system stopped them instantly.”
The incidents, occurring within a three-week window this spring, exploited different vectors: an AI coding agent with unrestricted permissions, a phantom dependency staged 18 hours before detonation, and a properly signed binary from an official vendor domain. Each attack used a trusted delivery channel to bypass traditional defenses.
Background: The Rise of Autonomous Offensive AI
Adversaries are leveraging artificial intelligence to compress the human bottleneck in offensive operations. In September 2025, Anthropic disclosed a Chinese state-sponsored group that jailbroke an AI coding assistant to run a full espionage campaign against approximately 30 organizations.
According to the Anthropic report, the AI handled 80–90% of tactical operations autonomously—reconnaissance, vulnerability discovery, exploit development, credential harvesting, lateral movement, and exfiltration—with only 4 to 6 human decision points per campaign. The attack achieved limited success, but the trajectory is clear: AI-driven attacks are accelerating beyond manual-speed defenses.
“We’re seeing the first generation of truly autonomous cyber weapons,” warned Mark Thompson, senior analyst at CyberRisk Institute. “Security programs designed for human-speed adversaries are calibrating to a threat that moves far faster.”
Key Attack Details
- LiteLLM (March 24, 2026): Threat actor TeamPCP compromised PyPI credentials via a prior supply chain breach of Trivy, a security scanner. Two malicious versions (1.82.7, 1.82.8) embedded credential theft payloads. In one confirmed detection, an AI coding agent with --dangerously-skip-permissions auto-updated to the infected version without human review.
- Axios: A phantom dependency was staged 18 hours before detonation, exploiting the most downloaded HTTP client in the JavaScript ecosystem. No signature existed.
- CPU-Z: A properly signed binary from an official vendor domain was weaponised, bypassing trust-based checks.
SentinelOne stopped all three without prior knowledge of any payload. “That outcome is a direct answer to the question every security leader faces: what does your defense do when the attack arrives through a channel you explicitly trust, carrying a payload you have never seen before?” added Dr. Chen.

What This Means for Security Leaders
The era of trusting signatures, indicators of compromise, or even trusted delivery channels is over. Defenders must adopt architectures that analyze behavior at machine speed, without relying on known attack patterns.
As AI agents become commonplace—often running with unrestricted permissions—the attack surface expands exponentially. The LiteLLM case shows that even open-source package managers can be weaponised against AI development workflows.
“Every serious organization should assume a supply chain attack is incoming,” concluded Thompson. “The question isn’t if, but whether your system can stop a payload it has never seen before. SentinelOne just proved that’s possible.”
With AI compressing the time between reconnaissance and exploitation, the window for manual intervention shrinks to zero. Autonomous defense is no longer optional—it is the baseline for survival in the coming wave of AI-powered cyberattacks.