Malware in PyTorch Lightning Updates Steals Cloud Credentials
AI-generated from multiple sources. Verify before acting on this reporting.
LONDON (AP) — A malicious code injection in recent versions of the PyTorch Lightning software library has been identified, compromising cloud credentials for developers who imported the affected packages.
The attack targets versions 2.6.2 and 2.6.3 of the popular open-source framework used to train machine learning models. Security researchers discovered that the compromised code executes immediately upon import, before any training tasks begin. The malware is designed to exfiltrate sensitive authentication tokens and API keys stored within the user's environment, granting attackers access to cloud infrastructure.
The incident was detected on May 2, 2026. The affected packages were distributed through standard software repositories, making them indistinguishable from legitimate updates. Once installed, the malicious payload operates silently in the background, scanning for environment variables associated with major cloud service providers. No specific target group has been identified, and the scope of the infection remains unclear.
PyTorch Lightning is widely adopted in the artificial intelligence community for its ability to streamline deep learning workflows. The framework is maintained by a core team of developers and supported by a large ecosystem of contributors. The discovery of the supply chain attack has raised concerns about the security of open-source dependencies, which are often integrated into production systems without thorough vetting.
The mechanism of the attack involves a hidden function that triggers during the initialization phase of the library. This allows the malware to bypass standard security checks that might occur later in the development process. The stolen credentials can be used to deploy unauthorized workloads, access private data, or launch further attacks from compromised cloud accounts.
Developers are advised to immediately uninstall the affected versions and audit their systems for signs of compromise. Organizations relying on the library for critical operations should review their access logs and rotate any potentially exposed keys. The incident highlights the ongoing risks associated with software supply chains, where a single compromised component can affect thousands of downstream users.
It is currently unknown who is responsible for the attack or what their ultimate objectives are. The malware does not appear to include a ransom demand or a specific political message, suggesting the primary goal may be data theft or resource hijacking. Security experts are investigating whether the attack is part of a broader campaign targeting the AI sector.
The PyTorch Lightning team has not yet issued a public statement regarding the incident. Questions remain about how long the malicious code was present in the repository and whether other versions of the library were affected. As investigations continue, the incident serves as a stark reminder of the vulnerabilities inherent in interconnected software ecosystems.