Why is the LiteLLM incident on there? The linked article for that one is a 404.
I didn't read any credible arguments suggesting that was caused by vibe coding. They had their PyPI publishing credentials stolen thanks to an attack against a CI tool they were using.
It seems like blogspam. It's curated according to an author's comment, but it treats ones verified by a security organization like Vite's just the same as ones like the blog post about Claude calling a Terraform command. And this is on a site which appears to sell other AI-generated content for a subscription.
Edit: it appears the traditional content is free. What is paid is an AI interview pack, which is basically content with some tokens in order to present the content. They could be cheap Haiku tokens. Also it isn't a subscription, it's a one-time purchase of packs. My bad.
-> On March 24, 2026, Endor Labs identified that litellm versions 1.82.7 and 1.82.8 on PyPI contain malicious code not present in the upstream GitHub repository. litellm is a widely used open source library with over 95 million monthly downloads. It lets developers route requests across LLM providers through a single API.
I didn't read any credible arguments suggesting that was caused by vibe coding. They had their PyPI publishing credentials stolen thanks to an attack against a CI tool they were using.
Plus the linked article for the Amazon outage is https://d3security.com/blog/amazon-lost-6-million-orders-vib... which appears to be some other vendor promoting their product without providing any details on what happened at Amazon.