You Patched LiteLLM, But Do You Know Your AI Blast Radius?

The LiteLLM supply chain compromise revealed a critical blind spot in AI security: patching a vulnerable dependency doesn't address the full risk of what that dependency was connected to at runtime. LiteLLM, as a model gateway routing requests to 100+ LLM providers, sits in the execution path between applications and models, tools, APIs, and agent workflows. When compromised, the blast radius extends far beyond the package itself — as confirmed by AI recruiting startup Mercor, which suffered large-scale data exfiltration after stolen credentials were used to access internal systems. Traditional SCA tools catch the vulnerable dependency but can't map the AI system's full topology. Snyk's Evo AI-SPM is positioned as a solution that builds an AI Bill of Materials (AI-BOM), mapping model providers, connected tools, agent workflows, and 'shadow AI' usage across codebases to give teams true visibility into their AI attack surface.