In March 2026, TeamPCP showed how useful it is to use developer machines for supply chain attacks. Their attack on LiteLLM, a popular AI development library, turned thousands of endpoints into credential harvesting operations. GitGuardian looked at 6,943 compromised developer machines from this incident and found 33,185 unique secrets, at least 3,760 of which are still valid.
There were about eight different places on the same machine where each live secret was found. Also, 59% of the compromised systems were CI/CD runners instead of personal laptops. Think of the workstation as the main place to scan for secrets, not just an afterthought. Use ggshield to check local repositories for credentials that have gotten into code or are still in Git history.
Even if they aren't stored in files, you should never trust environment variables without checking them first.
Check out shell profiles, integrated development environments (IDEs), and compiled artifacts to find long-lasting environmental values. Add ggshield pre-commit hooks to stop secrets from accidentally leaking during commit cleanup. Move credentials to a centralized vault infrastructure where security teams can enforce access policies, rotation schedules, and usage monitoring.
Combine incident management with your current ticketing systems so that fixing problems happens in the right place instead of having to switch tools all the time. With OpenClaw-style agents, the idea of "memory" is really stored in files on disk, like SOUL.md and MEMORY.md, which are kept in certain places. Never send your credentials to an agent chat or share secrets with them that you want to use later. Check agent memory files on a regular basis to make sure they aren't holding onto private information.
The LiteLLM incident showed that enemies know more about this than most security programs do. Companies that treat developer machines the same way they do production systems will be able to handle future supply chain problems.
