TeamPCP hit Trivy, CheckMarx, litellm, and axios. In days.

One .pth file. No CVE. No import. It just runs.

You got compromised.
Or you're about to.

LiteLLM is compromised. Your credentials are gone.

TeamPCP didn't exploit a vulnerability. They poisoned the update, and your scanners delivered it. Root pins your dependencies and patches them in place so nothing changes without your approval. Free trial, full product.

TeamPCP pushed two poisoned litellm versions to PyPI on March 24.
If litellm 1.82.7 or 1.82.8 is in your environment, it already fired.
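Two defender-side checks for the mechanics the page describes: the poisoned litellm releases named above, and the .pth trick mentioned at the top (a .pth file in site-packages runs without any import). This is an added example, not Root's code and not from the original page. It relies on one documented CPython behaviour: the site module executes any .pth line that begins with "import" followed by a space or tab at interpreter startup, and treats every other non-comment line as a path to add to sys.path. The function names, the sample `pip freeze` text and the sample .pth content are constructed for the example.

```python
"""Added example: flag the poisoned litellm pins and find .pth lines that execute code."""
import re
import sysconfig
from pathlib import Path

# The two poisoned releases named on the page; extend this set from your own advisories.
AFFECTED = {("litellm", "1.82.7"), ("litellm", "1.82.8")}


def parse_freeze(freeze_text):
    """Return {normalised_name: version} from `pip freeze`-style name==version lines."""
    pins = {}
    for line in freeze_text.splitlines():
        line = line.strip()
        if not line or line.startswith(("#", "-e ")):
            continue
        m = re.match(r"^([A-Za-z0-9_.\-]+)==([^\s;]+)", line)
        if m:
            pins[m.group(1).lower().replace("_", "-")] = m.group(2)
    return pins


def flag_affected_versions(freeze_text):
    """Return sorted (name, version) pins that match a known-poisoned release."""
    pins = parse_freeze(freeze_text)
    return sorted((n, v) for n, v in pins.items() if (n, v) in AFFECTED)


# CPython's site.py executes a .pth line only if it starts with "import " or "import\t".
PTH_EXEC = re.compile(r"^import[ \t]")


def find_executable_pth_lines(pth_text):
    """Return (line_no, line) for every line site.py would exec rather than add to sys.path."""
    hits = []
    for i, raw in enumerate(pth_text.splitlines(), start=1):
        line = raw.rstrip()  # site.py does not strip leading whitespace, so neither do we
        if PTH_EXEC.match(line):
            hits.append((i, line))
    return hits


def scan_site_packages(site_dir=None):
    """Scan every .pth file in a site-packages directory; return {path: [executable lines]}."""
    site_dir = Path(site_dir or sysconfig.get_paths()["purelib"])
    findings = {}
    for pth in sorted(site_dir.glob("*.pth")):
        hits = find_executable_pth_lines(pth.read_text(errors="replace"))
        if hits:
            findings[str(pth)] = hits
    return findings


# Constructed sample inputs (not taken from the page or any real environment).
SAMPLE_FREEZE = """\
numpy==1.26.4
litellm==1.82.7
requests==2.32.3
"""
SAMPLE_PTH = """\
/opt/venv/lib/python3.12/site-packages/vendored
import sys; sys.path.insert(0, '/tmp/x')
# a comment line is ignored by site.py
import os
"""

if __name__ == "__main__":
    print("poisoned pins:", flag_affected_versions(SAMPLE_FREEZE))
    print("executable .pth lines in sample:", find_executable_pth_lines(SAMPLE_PTH))
    for path, hits in scan_site_packages().items():
        print(path)
        for n, line in hits:
            print(f"  line {n}: {line}")
```

Run it against `pip freeze` output from each environment and against the live site-packages directory; any "import" line in a .pth file deserves a look, because that line runs on every interpreter start regardless of what your code imports.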

Which one are you?

Two types of teams right now.

Already hit

You ran the update. The compromise is already inside.

TeamPCP didn't need you to click anything. Your scanners delivered the payload. If you updated Trivy, KICS, litellm, or axios in the last 90 days, the damage is done. The question isn't whether you were exposed. It's how deep.

Root makes sure it never happens again.

Not yet

You got lucky. TeamPCP isn't the last attack like this.

Five ecosystems. One campaign. This wasn't a one-off exploit, it was a new playbook. The next supply chain attack won't be as loud. Your current dependency workflow is the attack surface. Close it before someone walks through it.

Root makes sure it never happens at all.

The hard truth

Updates are the attack vector. Welcome to the new normal.

The attack

They turned the upgrade into the weapon.

TeamPCP broke the playbook permanently. Your scanners delivered the attack instead of catching it. One compromise became credential theft, credential theft became lateral movement, and lateral movement became the next breach.

Every dependency you upgrade is code you didn't write, didn't review, and didn't approve.

The trap

"Just pin your dependencies." Cool. Now you're stuck.

Pinning kills the propagation path, but now every CVE that drops requires a manual upgrade that reintroduces the exact risk you just eliminated. You traded a car accident for a slow bleed.

Security teams are stuck choosing between unsafe updates and unscalable remediation.

The fix

Root breaks the trap.

Pin your versions. Root patches them in place. Vulnerabilities fixed without upgrades, no new code in your environment. The attack path stops existing. Deployed in minutes.

No auto-updates. No forced rebuilds. No waiting on upstream. Just controlled, immediate remediation.

Pick your reality

One of these is your Monday morning.

Without Root: Every update is a potential attack.
With Root: Nothing changes without your approval.

Without Root: Compromised packages propagate automatically.
With Root: Security fixes applied to your pinned versions. No upgrade required.

Without Root: Your scanners can be turned against you.
With Root: Upstream compromise can't reach you.

Without Root: The "fix" is more updates. The same thing that got you hit.
With Root: Your CISO asks what happened. You say: "Nothing. We use Root."

Without Root: Same cycle. Same exposure. Same breach.
With Root: Root makes it a non-event.
"Open source malware is the defining attack vector of 2026 - teams need to be prepared in every way possible to prevent, detect, and respond."

James Berthoty, Latio

They hit five tools in days.
They're not taking a break.

AI is making this faster and cheaper for attackers every single day. Root closes the window before it opens. Free trial, full product, deployed in minutes.

We're not the cleanup crew. We're the reason you never need one.