New AI-powered scanner – who-touched-my-packages – detects zero-day malicious packages and credential exfiltration in seconds
BOSTON, March 26, 2026 /PRNewswire/ — Point Wild, a leading global provider of AI-powered cybersecurity, today announced the immediate release of a free security tool, who-touched-my-packages (wtmp) – to provide developers visibility into their vulnerabilities as a result of the recent compromise of the widely used LiteLLM package.
The attack, which impacted a Python package with an estimated 3 million daily downloads, enabled the exfiltration of sensitive data including SSH keys, cloud credentials and API tokens, triggering widespread concern across the developer community. Despite the scale and severity of the incident, many traditional security tools failed to detect the threat, as they rely on known vulnerability databases rather than identifying malicious behavior in real time.
“With 3 million daily downloads and already about 500,000 credentials confirmed stolen, we’re likely only seeing the early impact of this attack,” said Dr. Zulfikar Ramzan, Chief AI and Technology Officer at Point Wild. “Understanding the scope and severity of this exploit, we rallied to deliver this tool as quickly as possible. We expect some false positives, but wanted to provide the global developer community a flashlight in a dark room while we actively iterate to reduce noise.”
wtmp enables developers to quickly scan third-party packages for malicious behavior, including credential harvesting, data exfiltration, obfuscated code, and CI/CD tampering. Unlike traditional tools that rely on known CVEs, this tool uses behavioral analysis and AI-powered classification to detect zero-day supply chain attacks—even those with no prior signatures.
To identify risk, the scanner provides:
- Dependency Graphing: Uses Node.js and Python tools to generate a full dependency graph (ensure your dependencies are downloaded as usual prior to scanning).
- Local CVE Cross-Referencing: Downloads two sources of vulnerabilities directly to your device (GitHub Advisories and Google’s OSV) and matches your dependency versions against them.
- Active Behavioral Scanning (Zero-Day Defense): You can optionally pass an Anthropic API key via an environment variable. If an API key is provided, an agentic AI process with the latest LangGraph tooling will deeply scan every dependency.
- Targeted Threat Detection: The agentic LLM process not only actively hunts for the exact zero-day mechanisms used in yesterday’s attack, but it more broadly identifies dozens of threat indicator patterns common in supply chain compromises. This includes data exfiltration, credential harvesting, crypto wallet theft, environment scanning, code obfuscation, persistence, data packaging, and CI/CD poisoning.
Designed for immediate adoption, wtmp allows developers to scan their environments through a single API call, CLI command or GitHub integration, eliminating the need for complex setup or large file uploads.
The release comes at a time of heightened awareness around software supply chain risk, as developers and organizations work to secure increasingly complex dependency ecosystems. By offering this tool for free, Point Wild aims to support the developer community while advancing a more proactive, real-time model for securing modern software.
Install globally and scan your project here: https://point-wild.github.io/who-touched-my-packages/#quick-start.
About Point Wild
Point Wild is a global leader in cybersecurity, protecting individuals and businesses from the ever-evolving threats of the digital world. At the core of our protection is Lat61, a modular, API-enabled platform that unifies our specialized security solutions—making it easier than ever to deploy powerful protection at scale. Powered by more than 20 years of expertise, our industry-leading brands deliver best-in-class security—from device protection and online privacy to identity theft prevention—to more than 25 million users worldwide. To learn more, visit www.pointwild.com.
Media Contact: Sydney (Shapiro) Harwood, sydney.shapiro@pointwild.com
View original content to download multimedia:https://www.prnewswire.com/news-releases/point-wild-releases-free-litellm-vulnerability-scanner-within-24-hours-of-supply-chain-attack-302726154.html
SOURCE Point Wild
