The Arena and The Target
It all started with Pwn2Own Berlin 2026. As AI technology explodes, major security competitions are turning their attention to AI infrastructure. In the official rules for this Pwn2Own, the highly anticipated Local Inference Category was introduced. One of the targets is LiteLLM.
For those who aren't familiar with LiteLLM: it's a popular lightweight LLM gateway/proxy. It lets developers call hundreds of different LLM services through a single unified API format. As a gateway, it naturally sits at the central hub of application-layer interactions: it not only has to handle authentication, routing, and billing, but also process a massive amount of untrusted input data arriving from clients.