Mercor says it was hit by cyberattack tied to compromise of open-source LiteLLM project

Learn how to install and use the LiteLLM open-source project to manage API calls to various AI providers, following security best practices after recent cyberattacks on AI companies.

Introduction

In this tutorial, you'll learn how to work with the LiteLLM open-source project, which was mentioned in the recent cyberattack news about Mercor. LiteLLM is a powerful tool that helps developers manage and route API calls to various AI models, including OpenAI, Anthropic, and others. Understanding how to use LiteLLM properly is crucial for developers working with AI services, especially as cyber threats continue to evolve.

This tutorial will guide you through installing LiteLLM, setting up basic configurations, and demonstrating how to route requests to different AI providers. You'll also learn about security best practices when working with AI APIs.

Prerequisites

To follow this tutorial, you'll need:

A computer with internet access
Python 3.7 or higher installed
Basic understanding of command-line interfaces
Access to an OpenAI API key (you can get one from OpenAI's website)

Step-by-Step Instructions

1. Install LiteLLM

The first step is to install the LiteLLM package using pip. This command will download and install the latest version of LiteLLM:

pip install litellm

Why this step? Installing LiteLLM gives you access to the core functionality that allows you to route API requests to different AI providers without changing your code structure.

2. Set Up Your Environment Variables

Before using LiteLLM, you need to store your API keys securely. Create a .env file in your project directory:

touch .env

Then add your OpenAI API key to this file:

OPENAI_API_KEY=your_openai_api_key_here

Why this step? Storing API keys in environment variables is a security best practice. Never hardcode API keys in your source code, especially when sharing projects or working in teams.

3. Create a Basic Python Script

Now create a Python script that demonstrates how to use LiteLLM to make API calls:

import os
from litellm import completion

# Load environment variables
os.environ["OPENAI_API_KEY"] = "your_openai_api_key_here"

# Make a simple API call
response = completion(
    model="gpt-3.5-turbo",
    messages=[
        {"role": "user", "content": "Hello, how are you?"}
    ]
)

print(response.choices[0].message.content)

Why this step? This shows you how to make basic API calls using LiteLLM, which is essential for understanding how the tool works before implementing more complex routing.

4. Configure Multiple AI Providers

One of LiteLLM's powerful features is routing requests to different AI providers. Create a configuration that allows you to use both OpenAI and another provider:

import os
from litellm import completion

# Set up multiple API keys
os.environ["OPENAI_API_KEY"] = "your_openai_api_key_here"
os.environ["ANTHROPIC_API_KEY"] = "your_anthropic_api_key_here"

# Example of routing to different models
response1 = completion(
    model="gpt-3.5-turbo",
    messages=[{"role": "user", "content": "Explain quantum computing in simple terms"}]
)

response2 = completion(
    model="claude-3-haiku",
    messages=[{"role": "user", "content": "Explain quantum computing in simple terms"}]
)

print("OpenAI Response:", response1.choices[0].message.content)
print("Claude Response:", response2.choices[0].message.content)

Why this step? This demonstrates how LiteLLM allows you to seamlessly switch between different AI providers, which is particularly useful when one provider might be compromised or unavailable.

5. Implement Error Handling

When working with AI APIs, errors are common. Implement proper error handling in your script:

import os
from litellm import completion
from litellm.exceptions import RateLimitError, AuthenticationError

os.environ["OPENAI_API_KEY"] = "your_openai_api_key_here"

try:
    response = completion(
        model="gpt-3.5-turbo",
        messages=[{"role": "user", "content": "Hello, how are you?"}]
    )
    print(response.choices[0].message.content)
except RateLimitError:
    print("Rate limit exceeded. Please try again later.")
except AuthenticationError:
    print("Authentication failed. Check your API key.")
except Exception as e:
    print(f"An error occurred: {e}")

Why this step? Error handling is crucial when working with external APIs. It prevents your application from crashing and provides helpful feedback to users when issues occur.

6. Test Your Setup

Run your Python script to verify everything is working correctly:

python your_script_name.py

If everything is configured properly, you should see responses from the AI models. If you encounter errors, check that your API keys are correct and that you have internet connectivity.

Why this step? Testing ensures that your environment is properly configured and that you can successfully make API calls through LiteLLM.

Summary

In this tutorial, you've learned how to install and use LiteLLM, a powerful tool for managing API calls to various AI providers. You've also learned about important security practices like using environment variables for API keys and implementing proper error handling.

Understanding how to use tools like LiteLLM is particularly important in today's security landscape, where incidents like the Mercor cyberattack highlight the need for secure and flexible AI integration. By following the practices demonstrated in this tutorial, you're better prepared to work with AI APIs safely and efficiently.

Remember to always keep your API keys secure, implement proper error handling, and consider using tools like LiteLLM to make your AI integrations more robust and flexible.