Severity: HIGH - Active Supply Chain Compromise

Affected Package: lightning (PyTorch Lightning) on PyPI | Malicious Versions: 2.6.2 and 2.6.3 | Attack Type: Credential Theft via Supply Chain

The Threat

Threat actors have successfully compromised PyTorch Lightning, one of the most widely used Python machine learning frameworks, by pushing two poisoned versions - 2.6.2 and 2.6.3 - to the Python Package Index (PyPI). The compromise was identified by researchers at Aikido Security, Socket, and StepSecurity.

PyTorch Lightning is not a niche tool. It is the framework of choice for data scientists and AI engineers building production-grade machine learning pipelines. Any developer who ran pip install lightning or updated their environment during the window these versions were live may have silently installed credential-stealing malware.

The malicious code was designed to exfiltrate credentials from the host environment - including cloud API keys, environment variables, and developer tokens - sending them to attacker-controlled infrastructure without triggering standard runtime alerts. This is a classic dependency poisoning attack: clean source code, dirty package.

Impact Assessment for East Africa

This attack is directly relevant to East African organizations accelerating AI adoption. In Kenya, Ethiopia, and across the Horn of Africa, government agencies, banks, and telecoms are actively deploying machine learning models for fraud detection, credit scoring, biometric identity verification, and public service automation. Many of these teams rely on PyTorch Lightning as a core dependency.

The specific risks are serious:

  • Cloud credential theft: Development teams using AWS, Azure, or Google Cloud in Kenya's growing tech sector could have had their API keys stolen, enabling attackers to spin up infrastructure, exfiltrate data, or deploy ransomware in cloud environments.
  • CI/CD pipeline compromise: Banks and telcos running automated ML pipelines - common in Kenyan and Ethiopian fintech - may have had build environments compromised, meaning malicious code could have propagated into production systems.
  • Regulatory exposure: Under the Kenya Data Protection Act 2019, the CBK Cybersecurity Guidelines, and Ethiopia's emerging data governance framework, a breach traced to a compromised open-source package still triggers mandatory breach notification obligations. "We were using a bad library" is not a legal defense.
  • AI model poisoning risk: If attacker credentials are used to access model registries or training data pipelines, the integrity of deployed AI models - including those used in credit decisions or fraud scoring - must be treated as suspect.

Immediate Actions - Do These Now

  • Audit your Python environments immediately. Run pip show lightning across all development, staging, and production systems. If you see version 2.6.2 or 2.6.3, treat the entire host as compromised and begin incident response.
  • Downgrade or upgrade the package. Roll back to the last confirmed clean version (2.6.1) or upgrade past 2.6.3 once a verified clean release is confirmed by the maintainers. Do not leave either malicious version installed.
  • Rotate all credentials stored in the affected environments. This includes cloud API keys, database passwords, CI/CD secrets, Git tokens, and any environment variables present on machines where 2.6.2 or 2.6.3 were installed.
  • Review outbound network logs for suspicious exfiltration. Check for unexpected connections to unknown IP addresses or domains from developer machines and build servers during the period these versions were live. Your SIEM should be queried retroactively.
  • Enforce a software bill of materials (SBOM) policy. Every package used in production should be pinned to a verified hash, not a floating version number. Implement pip-audit or a similar tool in your CI/CD pipeline to catch malicious packages before they reach developers.
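The first and last steps of the list above (finding the malicious versions, and enforcing hash pinning) can be scripted. The following is an added example written for this advisory; it is not code from DRONGO, from the researchers named above, or from the lightning project. It assumes the auditor runs it with the same interpreter whose environment is being checked (it calls `pip freeze` through `sys.executable`), the sample `pip freeze` output and requirements file are constructed for illustration, and the sha256 value shown is a placeholder, not a real package hash. The malicious versions (2.6.2, 2.6.3) and the last clean version (2.6.1) are the ones stated in the advisory.

```python
"""Audit helper for the lightning 2.6.2 / 2.6.3 incident (added example).

Scans `pip freeze` output for the malicious releases and checks a
requirements file for hash pinning. Not part of the advisory or of the
lightning project.
"""
import re
import subprocess
import sys

# Versions the advisory names as malicious, and the last clean release.
MALICIOUS_VERSIONS = {"2.6.2", "2.6.3"}
LAST_CLEAN_VERSION = "2.6.1"
AFFECTED_PACKAGE = "lightning"

# `name==version` as printed by `pip freeze`; ignores editable installs (-e ...)
FREEZE_LINE = re.compile(r"^\s*([A-Za-z0-9][A-Za-z0-9._-]*)\s*==\s*([^\s;#]+)")


def normalize(name: str) -> str:
    """PEP 503 name normalisation so 'Lightning' and 'lightning' compare equal."""
    return re.sub(r"[-_.]+", "-", name).lower()


def find_compromised(freeze_output: str) -> list:
    """Return (name, version) for every line pinning a malicious lightning release."""
    hits = []
    for line in freeze_output.splitlines():
        m = FREEZE_LINE.match(line)
        if not m:
            continue  # blank line, comment, or editable install
        name, version = m.group(1), m.group(2)
        if normalize(name) == AFFECTED_PACKAGE and version in MALICIOUS_VERSIONS:
            hits.append((name, version))
    return hits


def unpinned_requirements(requirements_text: str) -> list:
    """Return requirement lines lacking an exact '==' pin or a '--hash=' option.

    These are the lines that would be rejected by `pip install --require-hashes`
    (or that float to whatever PyPI serves next); flag them before CI does.
    """
    # Hashed requirements are usually continued over lines with a trailing backslash.
    joined = requirements_text.replace("\\\n", " ")
    bad = []
    for line in joined.splitlines():
        stripped = line.split("#", 1)[0].strip()
        if not stripped or stripped.startswith("-"):
            continue  # blank, comment, or pip option line such as -r / --require-hashes
        if "==" not in stripped or "--hash=" not in stripped:
            bad.append(stripped)
    return bad


def audit_current_environment() -> list:
    """Run `pip freeze` for the current interpreter and report malicious installs."""
    out = subprocess.run(
        [sys.executable, "-m", "pip", "freeze"],
        capture_output=True, text=True, check=True,
    ).stdout
    return find_compromised(out)


# Constructed sample `pip freeze` output (not captured from a real host).
SAMPLE_FREEZE = """\
numpy==1.26.4
Lightning==2.6.2
torch==2.3.0
-e git+https://example.invalid/repo.git#egg=mypkg
"""

# Constructed sample requirements file; the sha256 digest is a placeholder.
SAMPLE_REQUIREMENTS = """\
torch==2.3.0 \\
    --hash=sha256:0000000000000000000000000000000000000000000000000000000000000000
lightning>=2.6
numpy==1.26.4
"""

if __name__ == "__main__":
    for name, version in audit_current_environment():
        print(f"COMPROMISED: {name}=={version} installed; treat host as compromised")
    for req in unpinned_requirements(SAMPLE_REQUIREMENTS):
        print(f"not hash-pinned: {req}")
```

Run the script once inside every virtual environment, container image and build agent you own, since each has its own site-packages; a clean result in one does not vouch for the others. Once every line of a requirements file carries a `--hash=` option, install it with `pip install --require-hashes -r requirements.txt` so that a package whose contents differ from the recorded digest is refused rather than installed.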

DRONGO Recommendation

Supply chain attacks bypass perimeter defenses entirely. If your organization is running Python-based AI or data workloads - whether in a Nairobi fintech, a Somali government ministry, or an Ethiopian telco - your current patching and package verification processes may not be sufficient. DRONGO's application security and SOC teams can perform a targeted supply chain risk assessment to identify exposed packages, audit your CI/CD pipeline controls, and ensure your environments meet CBK and ISO 27001 standards for software integrity.

Is your organization protected? Request a free security assessment.