If anyone on your team uses Python - or if you use any AI tool that was built using Python - there's a thing that happened yesterday you need to know about.
A well-known open-source library called PyTorch Lightning was compromised in what security researchers are calling a supply chain attack. Versions 2.6.2 and 2.6.3, published on April 30, 2026, contained hidden malware. Anyone who installed or updated the package in the last 24 hours may have had their credentials stolen.
The discovery was made public by Semgrep, a code security company.
What is PyTorch Lightning, and why does it matter to small businesses?
PyTorch Lightning is a framework that makes it easier to train and fine-tune AI models. Developers use it to build image classifiers, run AI-powered predictions, and fine-tune large language models.
If you've hired a developer to build a custom AI tool for your business - or if you use AI-powered software that your team builds or customizes - there is a real chance this library is somewhere in your technology stack without you knowing.
Think of it like this: it's not a product you'd buy off the shelf. It's more like a brand of flour that thousands of bakeries quietly use. When the flour gets contaminated, every bakery that used it has a problem - even if the bakery never thought much about where the flour came from.
What the malware actually did
According to Semgrep's analysis, the malicious versions contained hidden files that ran automatically the moment the package was imported. Here's what they grabbed:
- Login credentials stored on the machine
- Authentication tokens (think: API keys for OpenAI, AWS, Google Cloud)
- Environment variables (where many developers store passwords and access codes)
- GitHub account tokens
Then it tried to spread. If the infected machine had the ability to publish software packages to npm (a separate package registry used for JavaScript tools), the malware injected itself into those packages and republished them - attempting to infect the next round of developers who installed them.
The whole operation carries a strange "Dune" sci-fi theme, with naming that references the giant worms in the novels, which is funny until you realize your AWS credentials might have walked out the door.
What you should actually do
First: Figure out if this affects you.
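Ask whoever manages your tech or your development tools to check whether your projects use version 2.6.2 or 2.6.3 of the lightning package. Because the malicious files run as soon as the package is imported, that check should read the installed version from package metadata or a lockfile rather than by importing the library. You can also check using Semgrep's advisory page: semgrep.dev/orgs/-/advisories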
Second: Rotate your credentials if you were affected.
If your developer confirms that those versions were installed in the last 24 hours, treat all API keys, cloud credentials, and GitHub tokens as compromised. That means:
- Revoke the old ones immediately
- Issue new ones
- Audit any recent unusual activity in your cloud accounts
The cost of rotating keys: about two hours of a developer's time. The cost of not doing it after a confirmed breach: potentially unlimited.
Third: Switch to a clean version.
The 2.6.1 version is clean. The compromise was in 2.6.2 and 2.6.3 only.
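For the developer doing the first step, here is one way to run the check without importing the package. This is an added example, not code from Semgrep or the Lightning project; it assumes the distribution is named lightning as written above, and the function names and sample requirements file are constructed for illustration.

```python
import re
from importlib import metadata

PACKAGE = "lightning"          # distribution name as written in the article
AFFECTED = {"2.6.2", "2.6.3"}  # versions the article names as compromised
# name, optional [extras], then the rest of the line (version specifier etc.)
REQ_RE = re.compile(r"^\s*([A-Za-z0-9][A-Za-z0-9._-]*)\s*(?:\[[^\]]*\])?\s*(.*)$")
PIN_RE = re.compile(r"==\s*([0-9][^\s,*]*)")  # exact pin only, no wildcard or range

def normalize(name):
    """PEP 503 normalization, so 'Lightning' and 'lightning' compare equal."""
    return re.sub(r"[-_.]+", "-", name).lower()

def installed_version(package=PACKAGE):
    """Read the version from installed metadata. Never `import lightning` to
    check: the article says the payload runs when the package is imported."""
    try:
        return metadata.version(package)
    except metadata.PackageNotFoundError:
        return None

def scan_requirements(text):
    """Return (line_no, status, specifier) for each line that names PACKAGE.
    'affected' = exact pin to a compromised version, 'other-pin' = exact pin to
    another version, 'floating' = range or unpinned (check what it resolved to)."""
    findings = []
    for line_no, raw in enumerate(text.splitlines(), start=1):
        req = REQ_RE.match(raw)
        if not req or normalize(req.group(1)) != PACKAGE:
            continue
        spec = req.group(2).split("#")[0].split(";")[0].strip()
        pin = PIN_RE.fullmatch(spec)
        status = ("floating" if pin is None else
                  "affected" if pin.group(1) in AFFECTED else "other-pin")
        findings.append((line_no, status, spec))
    return findings

# Constructed sample requirements file, not taken from a real project.
SAMPLE = """\
torch==2.4.0
lightning==2.6.2
Lightning[extra]==2.6.1  # the release the article calls clean
lightning>=2.5
lightning-utilities==0.11.0
"""

if __name__ == "__main__":
    version = installed_version()
    print("installed:", version, "AFFECTED" if version in AFFECTED else "ok")
    print(scan_requirements(SAMPLE))
```

A "floating" result is not a clean bill of health: a range such as >=2.5 could have resolved to an affected release, so confirm against the installed version or the lockfile.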
The bigger lesson here
This is the third high-profile software supply chain attack in the past few months - following the Bitwarden CLI incident and the Vercel API key exposure we covered earlier this spring.
The pattern matters: attackers are no longer just trying to break into your business directly. They're compromising the tools your tools rely on. The attack surface has expanded well beyond "don't click suspicious links."
You don't need to become a security expert to protect yourself. But you do need someone on your team who knows what dependencies your tools run on - and who checks them when something like this happens.
That's not paranoia. That's basic operational hygiene in 2026.
Source: Semgrep security advisory, published April 30, 2026 - semgrep.dev/blog/2026/malicious-dependency-in-pytorch-lightning-used-for-ai-training