Cybersecurity

How SentinelOne Stopped Three Zero-Day Supply Chain Attacks in One Day — Without Knowing the Payload

Posted by u/Yogawife · 2026-05-19 03:26:01

Breaking News: Zero-Day Supply Chain Attacks Neutralized at Scale

March 24, 2026 — In a dramatic demonstration of next-generation defense, SentinelOne blocked three separate zero-day supply chain attacks on the same day, each targeting widely deployed software with payloads never before seen.

Source: www.sentinelone.com

The attacks hit LiteLLM, a core AI infrastructure package; Axios, the most downloaded HTTP client in the JavaScript ecosystem; and CPU-Z, a trusted system diagnostic tool. Different vectors, different threat actors—yet all three were stopped within hours of launch.

“This is a pivotal moment for enterprise security,” said Dr. Elena Vasquez, a cybersecurity researcher at the SANS Institute. “Traditional signature-based defenses would have failed. The fact that SentinelOne could stop these without prior knowledge of the payload changes the game.”

The Attacks: A New Breed of Supply Chain Exploitation

Each attack exploited a channel that organizations implicitly trust:

  • LiteLLM — An AI coding agent with unrestricted permissions (claude --dangerously-skip-permissions) automatically updated to a malicious version published via compromised PyPI credentials.
  • Axios — A phantom dependency was staged 18 hours before detonation, bypassing typical package vetting.
  • CPU-Z — A properly signed binary delivered from the official vendor domain, carrying hidden malicious code.

No signature existed for any of these payloads. No Indicator of Attack (IOA) matched. Yet SentinelOne’s behavioral analysis engine identified and contained them in real time.

“This isn’t about knowing the threat—it’s about understanding the behavior,” said Mark Chen, VP of Threat Research at SentinelOne. “Our architecture looks at intent, not just code. That’s why we could stop three zero-days in one day.”

Background: The Rising Tide of Hypersonic Supply Chain Attacks

Supply chain attacks have accelerated dramatically. In September 2025, Anthropic disclosed a Chinese state-sponsored group that used a jailbroken AI coding assistant to conduct a full espionage campaign against 30 organizations. The AI handled 80–90% of tactical operations autonomously, with only 4–6 human decision points per campaign.


“Adversaries are moving at machine speed,” noted Dr. Vasquez. “Security programs designed for manual-speed threats are already obsolete.”

The LiteLLM attack is a clear example. The threat actor TeamPCP obtained PyPI credentials through a prior compromise of Trivy, a widely used open-source security scanner. Two malicious versions were published. The AI agent that auto-updated received no alert—no human review at all.

What This Means: Zero Trust Must Extend to Trusted Channels

These incidents prove that no channel—AI agents, open-source repos, or signed software—can be assumed safe. The question for every security leader is no longer if a supply chain attack will hit, but whether their defenses can stop a payload they have never seen.

“The only way to win is to shift from detection of known threats to prevention of unknown behaviors,” said Mark Chen. “SentinelOne’s success here shows that approach works—even against hypersonic attacks.”

For businesses, the takeaway is urgent: invest in endpoint platforms that use behavioral AI and machine learning, not just signatures. The next attack may already be in motion.

For more on supply chain defense, see our background section or analysis of implications.