Scene Hook

Last month, I had a contractor set up my AI training environment. He casually installed a library, and I only realized later the version was wrong.

For those of us running side hustles or personal brands, we often outsource the technical stuff. But have you ever considered that the "toolkits" contractors install might themselves be poisoned? The recent PyTorch Lightning incident is a perfect example: an AI training library used by tens of thousands had malicious code slipped into its dependency chain, codenamed Shai-Hulud (yes, the sandworm from Dune). If you have AI projects running, this is a risk worth knowing about.

What It Is + Who Is Using It

PyTorch Lightning is a popular training framework in the AI circle; almost everyone doing model fine-tuning or training knows it. The security firm Semgrep discovered that one of its dependency packages had been replaced with a malicious version—the attacker used the Dune sandworm's name as a codename, which is pretty ironic.

My friend Ajie, who does AI training contracting in Bao'an, Shenzhen, almost got hit last month. At 11 PM in a shared office, he was setting up an environment for a client and installed this library without a second thought. He didn't feel the chill until he saw the security advisory the next day—if that malicious version had run, the client's models and data could have been stolen.

I've been stuck here too. Last year, while working on a project myself, a dependency package's version number was off by a single decimal point. I didn't notice at all and spent two extra weeks troubleshooting inexplicable errors.

Replicate Cost

Here, "replication" means replicating defensive awareness, not replicating the attack:

Money: $0 (basic checks are free)
Time: 15 minutes
Technical barrier: No coding required, but you need to know how to ask your developers/contractors
First step: Open your chat app and ask your contractor—"Have the libraries we installed been dependency-checked?"

If you only use off-the-shelf AI products (like the web version of ChatGPT or Midjourney), this doesn't concern you much. But if you have someone running a local AI environment for you, at least confirm the stuff they install comes from reliable sources.

Advice by Stage

Just starting out: If you currently only use off-the-shelf AI products, don't worry about this incident. It's fine to skip it for now; come back to understand it when you need to deploy your own environment someday.

Have 1-2 clients: If you hired contractors to build AI projects for clients, I'd suggest asking one more question—"Are the installed libraries from official channels? Have they been security-scanned?" You don't need to understand the tech, but this habit can save you from taking the blame.

Scaling up: If your team is already running its own AI training workflows, I recommend finding a technical partner to do a dependency audit. Semgrep (the firm that found this problem) offers a free version; a quick scan buys a lot of peace of mind. Not everyone needs this tool, but as you hold more and more client data, this investment is worth it.
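For the technical partner doing that audit, here is an added example (not from the original post, and not Semgrep's code) of the first check behind both "did the installed libraries match what was approved" and the dependency audit above: it compares an exactly pinned lockfile with the packages actually installed and flags anything missing, at the wrong version, or not on the list. The lockfile text, package names and versions in the sample are constructed for illustration.

```python
"""Compare installed packages with an exactly pinned lockfile (added example).

Assumes a requirements-style lockfile with one 'name==version' per line and
reads the live environment through importlib.metadata. Sample data is constructed.
"""
import re
from importlib import metadata

PIN = re.compile(r"^\s*([A-Za-z0-9_.-]+)\s*==\s*([A-Za-z0-9_.+!-]+)\s*(?:#.*)?$")


def normalize(name: str) -> str:
    """PEP 503 name normalization so 'PyTorch_Lightning' and 'pytorch-lightning' match."""
    return re.sub(r"[-_.]+", "-", name).lower()


def parse_lockfile(text: str) -> dict:
    """Return {normalized name: pinned version}; anything but an exact pin is rejected."""
    pins = {}
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        m = PIN.match(line)
        if not m:
            raise ValueError(f"not an exact pin (use name==version): {line!r}")
        pins[normalize(m.group(1))] = m.group(2)
    return pins


def installed_packages() -> dict:
    """Snapshot of the current environment as {normalized name: version}."""
    return {normalize(d.metadata["Name"]): d.version for d in metadata.distributions()}


def audit(pins: dict, installed: dict) -> list:
    """Findings as (kind, name, expected, actual); kinds are missing, mismatch, unpinned."""
    findings = []
    for name, want in pins.items():
        have = installed.get(name)
        if have is None:
            findings.append(("missing", name, want, None))
        elif have != want:
            findings.append(("mismatch", name, want, have))
    for name, have in installed.items():
        if name not in pins:
            findings.append(("unpinned", name, None, have))
    return sorted(findings)


# Constructed sample: the approved lockfile vs. what ended up on a contractor's machine.
SAMPLE_LOCK = "pytorch-lightning==2.1.0\ntorch==2.1.2\n"
SAMPLE_INSTALLED = {"pytorch-lightning": "2.1.0", "torch": "2.12", "requests": "2.31.0"}

if __name__ == "__main__":
    for kind, name, want, have in audit(parse_lockfile(SAMPLE_LOCK), SAMPLE_INSTALLED):
        print(f"{kind:9} {name}: expected {want}, installed {have}")
```

Against a real environment, pass `installed_packages()` instead of the sample dict; base tooling such as pip will show up as "unpinned" unless the lockfile lists it, which is exactly the question to put to the contractor.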