Detection Library
Severity: medium · Status: experimental · Platform: Linux · Category: AI/ML · ATT&CK: T1195.001 (Supply Chain Compromise: Compromise Software Dependencies and Development Tools)
LLM Host Installing Python Packages From Unapproved Repository
Detects pip or Python processes on an LLM host connecting to package repositories other than the approved PyPI or OCI registry mirrors. A package pulled from an unapproved source can bring a backdoored or typosquatted dependency into the LLM runtime, where it executes with the privileges of the serving process.
Updated Jan 15, 2025 · Detection Engineering Team
Tags: llm · supply-chain · linux · package-install · owasp-llm03
Problem Statement
LLM runtimes have large Python dependency trees, and a single transitive package is enough to carry a backdoor. Installing from an unapproved repository lets an attacker who controls that repository (or who has registered a look-alike name there) run code on the model serving infrastructure, with access to model weights, prompts and any credentials the serving process holds.
Sample Logs
{"timestamp":"2025-01-15T08:14:22Z","computer_name":"llm-host-01","user":"root","image":"/usr/bin/pip3","destination_hostname":"malicious-pypi-mirror.example.com","destination_ip":"203.0.113.55","destination_port":443}
Required Fields
image
destination_hostname
destination_ip
user
computer_name
False Positives
- Internal PyPI mirrors hosted on non-standard domains
- Air-gapped environments using custom package repositories
Tuning Guidance
Add internal mirror hostnames to the filter_allowed list. Match allowed hostnames exactly or as a parent-domain suffix (the name itself, or a subdomain of it), not as a substring, so that a host such as pypi.org.attacker.example does not pass the filter. Where the sensor records only a connect and no destination_hostname is present, fall back to matching destination_ip against the address ranges of the approved mirrors rather than dropping the event. Consider blocking outbound pip traffic entirely via egress firewall on production LLM hosts and pinning the approved mirror in pip configuration (global.index-url), so the detection becomes a backstop for misconfiguration rather than the only control.
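The detection logic above, run over a handful of constructed events, as an added example. This is illustrative code written for this page, not the rule as shipped in the library: the FILTER_ALLOWED structure, the internal mirror name pypi-mirror.corp.example and the 10.20.0.0/16 network are assumed placeholders, and the events other than the page's own sample line are constructed (using documentation address ranges). It departs from the field list above in one way: destination_hostname is used when present but is not treated as mandatory, so an event that carries only an IP is still evaluated against the allowed networks instead of being silently dropped.

```python
import json
from ipaddress import ip_address, ip_network
from posixpath import basename
from typing import Optional

# The page's filter_allowed list, as a hypothetical structure. pypi.org and
# files.pythonhosted.org are what a default pip install talks to; the internal
# mirror hostname and network below are placeholders for an organisation's own.
FILTER_ALLOWED = {
    "hostnames": {"pypi.org", "files.pythonhosted.org", "pypi-mirror.corp.example"},
    "networks": [ip_network("10.20.0.0/16")],
}

# Fields the rule cannot evaluate without. destination_hostname is deliberately
# optional here (see lead-in); it is used when the sensor supplies it.
REQUIRED_FIELDS = ("image", "destination_ip", "user", "computer_name")

RULE_NAME = "LLM Host Installing Python Packages From Unapproved Repository"


def is_package_installer(image: str) -> bool:
    """True for pip/pip3/python/python3 binaries, matched on the basename only
    so venv and system paths are both covered."""
    name = basename(image)
    return name.startswith("pip") or name.startswith("python")


def is_allowed_destination(hostname: Optional[str], ip: str) -> bool:
    """Approved if the hostname equals an allowed name or is a subdomain of one
    (suffix match on a dot boundary, never a substring match). When no hostname
    was captured, fall back to whether the IP lies in an allowed network."""
    if hostname:
        host = hostname.lower().rstrip(".")
        return any(host == a or host.endswith("." + a) for a in FILTER_ALLOWED["hostnames"])
    try:
        addr = ip_address(ip)
    except ValueError:
        return False
    return any(addr in net for net in FILTER_ALLOWED["networks"])


def evaluate(event: dict) -> Optional[dict]:
    """Return an alert dict for a package-installer connection to an unapproved
    repository, or None. Events missing a required field are discarded."""
    if any(event.get(f) in (None, "") for f in REQUIRED_FIELDS):
        return None
    if not is_package_installer(event["image"]):
        return None
    hostname = event.get("destination_hostname")
    if is_allowed_destination(hostname, event["destination_ip"]):
        return None
    return {
        "rule": RULE_NAME,
        "host": event["computer_name"],
        "user": event["user"],
        "image": event["image"],
        "destination": hostname or event["destination_ip"],
        "timestamp": event.get("timestamp"),
    }


def run(lines) -> list:
    """Evaluate newline-delimited JSON events and return the alerts raised."""
    alerts = []
    for line in lines:
        line = line.strip()
        if line:
            alert = evaluate(json.loads(line))
            if alert:
                alerts.append(alert)
    return alerts


# Constructed events. The first is the page's own sample; the rest are made up
# for this example and use documentation IP ranges.
SAMPLE_EVENTS = [
    '{"timestamp":"2025-01-15T08:14:22Z","computer_name":"llm-host-01","user":"root","image":"/usr/bin/pip3","destination_hostname":"malicious-pypi-mirror.example.com","destination_ip":"203.0.113.55","destination_port":443}',
    # pip to public PyPI: allowed
    '{"timestamp":"2025-01-15T08:15:01Z","computer_name":"llm-host-01","user":"svc-llm","image":"/usr/bin/pip3","destination_hostname":"files.pythonhosted.org","destination_ip":"192.0.2.10","destination_port":443}',
    # python in a venv to the internal mirror on a non-standard domain: allowed once tuned
    '{"timestamp":"2025-01-15T08:16:40Z","computer_name":"llm-host-02","user":"svc-llm","image":"/opt/venv/bin/python3","destination_hostname":"pypi-mirror.corp.example","destination_ip":"10.20.4.8","destination_port":443}',
    # same unapproved host but from curl: outside this rule's scope
    '{"timestamp":"2025-01-15T08:17:12Z","computer_name":"llm-host-02","user":"root","image":"/usr/bin/curl","destination_hostname":"malicious-pypi-mirror.example.com","destination_ip":"203.0.113.55","destination_port":443}',
    # no hostname captured and an external IP: alert on the IP
    '{"timestamp":"2025-01-15T08:18:03Z","computer_name":"llm-host-03","user":"root","image":"/usr/bin/python3","destination_ip":"198.51.100.7","destination_port":8080}',
]

if __name__ == "__main__":
    print(json.dumps(run(SAMPLE_EVENTS), indent=2))
```

Running the block raises two alerts: the page's sample event (pip3 to malicious-pypi-mirror.example.com) and the hostname-less python3 connect to 198.51.100.7. The curl connection to the same bad host is ignored because the rule scopes on the installer process, and the internal-mirror event is suppressed only because its hostname is in FILTER_ALLOWED, which is the tuning step the guidance above describes.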