US hack shows security basics ‘overlooked’ in AI rush

A breach at California’s LiteLLM has implications for insurers and represents a new class of cyber risk, IT consultancy TransUnion warns.

LiteLLM is an AI gateway library used to manage interactions with large language models. Last month, cybercriminals compromised the Python Package Index repository and distributed malicious versions of the library, leading to widespread credential theft.

TransUnion head of global insurance business Matt Cullina says the breach “offers an early signal that the rapid adoption of AI is creating a new category of cyber risk”.

Companies are “racing to integrate AI tools and infrastructure faster than many security programs can adapt. Even cybersecurity basics are being overlooked in the haste.”

The fallout will be “both large and ongoing”, and it is “almost certainly the first of many similar breaches to come as organisations integrate AI”, Mr Cullina says.

AI infrastructure is introducing new supply chain dependencies, and that comes with a fresh set of vendor vulnerabilities that many organisations may not be tracking.

The impacts of AI-related breaches may have a long tail, TransUnion says. Compromised credentials and cloud-based environments enable deeper penetration by criminals.

“This is the kind of event that shows why the insurance and incident response ecosystem matters,” Mr Cullina says. “When a new class of cyber risk emerges, organisations need more than reimbursement after the fact. They need co-ordinated expertise that helps them respond, contain damage and prepare for the next big risk on the horizon.”

Demand for forensic investigation, breach response co-ordination and monitoring services is likely to increase as business leaders assess potential exposure, he says.