{"id":19305,"date":"2026-03-24T18:52:51","date_gmt":"2026-03-24T18:52:51","guid":{"rendered":"https:\/\/www.comet.com\/site\/?p=19305"},"modified":"2026-03-24T18:57:26","modified_gmt":"2026-03-24T18:57:26","slug":"litellm-supply-chain-attack","status":"publish","type":"post","link":"https:\/\/www.comet.com\/site\/blog\/litellm-supply-chain-attack\/","title":{"rendered":"LiteLLM Supply Chain Attack: What Happened, Who&#8217;s Affected, and What You Should Do Right Now"},"content":{"rendered":"<p>On March 24, 2026, <strong>litellm<\/strong> \u2014 the Python package that powers nearly every major AI agent framework \u2014 was hit by a supply chain attack. Two malicious versions (1.82.7 and 1.82.8) were published to PyPI after an attacker compromised the maintainer&#8217;s publishing credentials.<\/p>\n<p>With <strong>95 million downloads per month<\/strong> and direct dependencies from CrewAI, Browser-Use, Opik, DSPy, Mem0, Instructor, Guardrails, Agno, and Camel-AI, the blast radius of this attack is enormous. If you work in AI\/ML and use Python, this likely affects your stack.<\/p>\n<p>Here\u2019s what happened, how we responded at Comet, and what you should do right now.<\/p>\n<h2>What Happened<\/h2>\n<p>The attacker gained access to the LiteLLM maintainer&#8217;s PyPI account (likely through the related <a href=\"https:\/\/ramimac.me\/trivy-teampcp\/\">Trivy GitHub Actions supply chain compromise<\/a>) and published two malicious package versions that were never released through the official GitHub repository \u2014 neither version has a corresponding git tag.<\/p>\n<p>The attack was sophisticated and used two different techniques across the two versions:<\/p>\n<ul>\n<li><strong>Version 1.82.7<\/strong>: Malicious payload embedded in <code>litellm\/proxy\/proxy_server.py<\/code>, triggered when importing <code>litellm.proxy<\/code><\/li>\n<li><strong>Version 1.82.8<\/strong>: A <code>.pth<\/code> file (<code>litellm_init.pth<\/code>) added to the package, which <strong>executes automatically on any Python startup<\/strong> \u2014 no import needed<\/li>\n<\/ul>\n<p>The second technique is particularly dangerous. Python&#8217;s <code>site<\/code> module <a href=\"https:\/\/docs.python.org\/3\/library\/site.html\">automatically processes <code>.pth<\/code> files<\/a> in <code>site-packages\/<\/code> every time the interpreter starts. Simply having the package installed means every <code>python<\/code>, <code>pytest<\/code>, or <code>pip install<\/code> command in that environment triggers the payload. No explicit import statement required.<\/p>\n<h2>What the Payload Does<\/h2>\n<p>The malicious code is double base64-encoded to evade casual inspection. Once decoded, it performs a comprehensive credential harvest:<\/p>\n<ul>\n<li><strong>Environment variables<\/strong> \u2014 captures ALL API keys, secrets, and tokens via <code>printenv<\/code><\/li>\n<li><strong>Cloud credentials<\/strong> \u2014 AWS (<code>~\/.aws\/credentials<\/code>, IMDS tokens), GCP, Azure<\/li>\n<li><strong>SSH keys<\/strong> \u2014 all private keys, <code>known_hosts<\/code>, and SSH config<\/li>\n<li><strong>Kubernetes configs<\/strong> \u2014 <code>~\/.kube\/config<\/code>, service account tokens<\/li>\n<li><strong>Git credentials<\/strong> \u2014 <code>~\/.git-credentials<\/code>, gitconfig<\/li>\n<li><strong>Docker configs<\/strong> \u2014 registry auth, Kaniko credentials<\/li>\n<li><strong>Database credentials<\/strong> \u2014 PostgreSQL, MySQL, Redis, LDAP config files<\/li>\n<li><strong>CI\/CD secrets<\/strong> \u2014 Terraform state, Jenkins, GitLab CI configs<\/li>\n<li><strong>Shell history<\/strong> \u2014 bash, zsh, mysql, psql, redis history files<\/li>\n<\/ul>\n<p>The collected data is encrypted with AES-256-CBC using a random session key, which is then wrapped with a hardcoded 4096-bit RSA public key. The encrypted archive is exfiltrated via HTTPS POST to <code>models.litellm.cloud<\/code> \u2014 a domain registered just hours before the attack (not the official <code>litellm.ai<\/code>).<\/p>\n<p>Only the attacker holds the RSA private key, so only they can decrypt the stolen data.<\/p>\n<h2>Why This Matters for the AI Ecosystem<\/h2>\n<p>LiteLLM isn&#8217;t just another Python package. It&#8217;s the LLM gateway layer that most AI agent frameworks depend on. Here&#8217;s the downstream impact by the numbers:<\/p>\n<table>\n<thead>\n<tr>\n<th>Package<\/th>\n<th>Monthly Downloads<\/th>\n<th>Depends on LiteLLM<\/th>\n<\/tr>\n<\/thead>\n<tbody>\n<tr>\n<td><strong>litellm<\/strong><\/td>\n<td>95M<\/td>\n<td>\u2014<\/td>\n<\/tr>\n<tr>\n<td>CrewAI<\/td>\n<td>5.9M<\/td>\n<td>Direct dependency<\/td>\n<\/tr>\n<tr>\n<td>Browser-Use<\/td>\n<td>4.2M<\/td>\n<td>Direct dependency<\/td>\n<\/tr>\n<tr>\n<td>Opik<\/td>\n<td>3.5M<\/td>\n<td>Direct dependency<\/td>\n<\/tr>\n<tr>\n<td>Mem0<\/td>\n<td>2.7M<\/td>\n<td>Direct dependency<\/td>\n<\/tr>\n<tr>\n<td>DSPy<\/td>\n<td>1.6M<\/td>\n<td>Direct dependency<\/td>\n<\/tr>\n<tr>\n<td>Agno<\/td>\n<td>1.6M<\/td>\n<td>Direct dependency<\/td>\n<\/tr>\n<tr>\n<td>Guardrails<\/td>\n<td>233K<\/td>\n<td>Direct dependency<\/td>\n<\/tr>\n<tr>\n<td>Camel-AI<\/td>\n<td>84K<\/td>\n<td>Direct dependency<\/td>\n<\/tr>\n<tr>\n<td><\/td>\n<td><\/td>\n<td><\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<p>Anyone who ran <code>pip install<\/code> or <code>pip install --upgrade<\/code> on any of these packages during the approximately 4-hour exposure window (roughly 09:00\u201313:30 UTC on March 24) could have pulled the compromised litellm as a transitive dependency.<\/p>\n<p>CI\/CD pipelines are the highest-risk target. They often hold the most privileged credentials \u2014 AWS deployment keys, org-wide API tokens, Docker registry auth \u2014 and they run <code>pip install<\/code> on every build.<\/p>\n<h2>How We Responded at Comet<\/h2>\n<p>When we learned about the compromise, we treated it as a critical security incident and launched an immediate, systematic response:<\/p>\n<h3>1. Full CI\/CD audit across all repositories<\/h3>\n<p>We didn&#8217;t just check one repo. We audited <strong>every active repository<\/strong> in our GitHub organization \u2014 over 50 repos \u2014 examining the actual pip download logs in GitHub Actions job output to determine the exact litellm version installed in each workflow run.<\/p>\n<p>We identified two CI workflows that installed compromised versions during the exposure window. In both cases, the exposed secrets were limited to CI test credentials. No production credentials, customer data, or production infrastructure was affected.<\/p>\n<h3>2. Company-wide developer machine scan<\/h3>\n<p>We deployed a scanning script to every engineer, product manager, and solutions engineer. Each person ran a full scan of every Python virtual environment on their machine, checking for litellm &gt;= 1.82.7.<\/p>\n<p><strong>Result: All developers scanned, zero compromised environments found.<\/strong> The highest litellm version on any developer machine was 1.82.4 \u2014 well below the compromised threshold.<\/p>\n<h3>3. Immediate credential rotation<\/h3>\n<p>We rotated all potentially exposed CI credentials within hours of discovery, without waiting to complete the full investigation.<\/p>\n<h3>4. Platform and cloud confirmation<\/h3>\n<p>Our production services, <a href=\"https:\/\/www.comet.com\/site\/products\/opik\/\">Opik Cloud<\/a>, and all customer-facing infrastructure use pinned, containerized images \u2014 they don&#8217;t run <code>pip install<\/code> at runtime. We confirmed these were never at risk.<\/p>\n<h2>How To Check if You\u2019re Affected<\/h2>\n<p>Run this in every Python environment where you use litellm or any framework that depends on it:<\/p>\n<pre><code>pip show litellm 2&gt;\/dev\/null | grep Version<\/code><\/pre>\n<p>If the version is <strong>1.82.7<\/strong> or <strong>1.82.8<\/strong>, that environment is compromised.<\/p>\n<p>To scan all virtual environments on your machine at once:<\/p>\n<pre><code>find \"$HOME\" -type d -name \"litellm-*.dist-info\" 2&gt;\/dev\/null | while read dir; do\n  version=$(grep -m1 \"^Version:\" \"$dir\/METADATA\" 2&gt;\/dev\/null | awk '{print $2}')\n  venv=$(echo \"$dir\" | sed 's|\/lib\/python.*\/site-packages\/.*||')\n  if [ \"$(printf '%s\\n1.82.7' \"$version\" | sort -V | head -1)\" = \"1.82.7\" ]; then\n    echo \"!! AFFECTED  $version  $venv\"\n  else\n    echo \"   ok         $version  $venv\"\n  fi\ndone<\/code><\/pre>\n<h2>What To Do if You\u2019re Affected<\/h2>\n<ol>\n<li><strong>Stop using the environment immediately.<\/strong> Every Python invocation triggers the exfiltration payload.<\/li>\n<li><strong>Delete and recreate the virtual environment<\/strong> \u2014 don&#8217;t just downgrade, nuke it entirely.<\/li>\n<li><strong>Rotate all credentials<\/strong> that were present on the machine: API keys, cloud credentials, SSH keys, database passwords, anything in environment variables or config files.<\/li>\n<li><strong>Check CI\/CD pipelines.<\/strong> If your CI runs <code>pip install<\/code> without pinning to exact versions, check job logs for <code>Downloading litellm-1.82.7<\/code> or <code>litellm-1.82.8<\/code> lines.<\/li>\n<li><strong>Search for the malicious file<\/strong>: <code>find \"$HOME\" -name \"litellm_init.pth\" 2&gt;\/dev\/null<\/code><\/li>\n<\/ol>\n<h2>Lessons and Recommendations<\/h2>\n<p>This attack reinforces several supply chain security practices that the AI\/ML ecosystem has been slow to adopt:<\/p>\n<h3>Use lockfiles<\/h3>\n<p>In our audit, we found that repos using <code>poetry.lock<\/code> or <code>uv.lock<\/code> were completely protected \u2014 the lockfile pinned litellm to a safe version regardless of what was on PyPI. Repos doing bare <code>pip install<\/code> were vulnerable.<\/p>\n<h3>Pin dependencies to exact versions<\/h3>\n<p>A requirement like <code>litellm&gt;=1.79.2<\/code> means &#8220;give me the latest&#8221; \u2014 which during the attack window meant &#8220;give me the compromised version.&#8221; Pin to exact versions: <code>litellm==1.82.6<\/code>.<\/p>\n<h3>Pin GitHub Actions to SHAs, not tags<\/h3>\n<p>The same attacker group compromised the <a href=\"https:\/\/ramimac.me\/trivy-teampcp\/\">Trivy GitHub Action<\/a> by force-pushing malicious code to existing tags. Only one tag (v0.35.0) was saved by GitHub&#8217;s immutable release protection. Use <code>uses: action@sha256hash<\/code> instead of <code>uses: action@v1<\/code>.<\/p>\n<h3>Audit CI\/CD secret scoping<\/h3>\n<p>We discovered that some of our GitHub Actions workflows had API keys defined as workflow-level environment variables \u2014 available to every step, including <code>pip install<\/code>. Secrets should be scoped to the specific step that needs them.<\/p>\n<h3>Add dependency scanning<\/h3>\n<p>Tools like <code>pip-audit<\/code>, Dependabot, and Socket can catch known-malicious packages before they reach your CI runners.<\/p>\n<h2>Current Status<\/h2>\n<p>As of the time of writing:<\/p>\n<ul>\n<li><strong>PyPI quarantine has been lifted.<\/strong> The compromised versions (1.82.7 and 1.82.8) have been permanently removed. <code>pip install litellm<\/code> now resolves to 1.82.6 (safe).<\/li>\n<li><strong>Comet platform and Opik Cloud were never affected.<\/strong><\/li>\n<li><strong>All Comet CI credentials have been rotated.<\/strong><\/li>\n<li><strong>All Comet developer machines have been verified clean.<\/strong><\/li>\n<\/ul>\n<h2>References<\/h2>\n<ul>\n<li><a href=\"https:\/\/github.com\/BerriAI\/litellm\/issues\/24512\">GitHub issue \u2014 Full technical analysis of the malicious payload<\/a><\/li>\n<li><a href=\"https:\/\/github.com\/BerriAI\/litellm\/issues\/24518\">LiteLLM team security advisory<\/a><\/li>\n<li><a href=\"https:\/\/www.reddit.com\/r\/LocalLLaMA\/comments\/1s2c1w4\/litellm_1827_and_1828_on_pypi_are_compromised_do\/\">Reddit \u2014 Community confirmation both versions compromised<\/a><\/li>\n<li><a href=\"https:\/\/news.ycombinator.com\/item?id=47501729\">Hacker News discussion<\/a><\/li>\n<li><a href=\"https:\/\/ramimac.me\/trivy-teampcp\/\">Related: Trivy supply chain compromise by the same attacker<\/a><\/li>\n<li><a href=\"https:\/\/docs.python.org\/3\/library\/site.html\">Python .pth file documentation<\/a><\/li>\n<\/ul>\n","protected":false},"excerpt":{"rendered":"<p>LiteLLM \u2014 95 million downloads per month, a dependency of CrewAI, DSPy, Browser-Use, Opik, and nearly every major AI agent framework \u2014 was hit by a supply chain attack. Here is what happened, how we responded, and what you should do right now.<\/p>\n","protected":false},"author":139,"featured_media":19318,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"customer_name":"","customer_description":"","customer_industry":"","customer_technologies":"","customer_logo":"","footnotes":""},"categories":[65,6],"tags":[],"coauthors":[352],"class_list":["post-19305","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-llmops","category-machine-learning"],"yoast_head":"<!-- This site is optimized with the Yoast SEO Premium plugin v25.9 (Yoast SEO v25.9) - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>LiteLLM Supply Chain Attack: What Happened, Who&#039;s Affected, and What You Should Do Right Now - Comet<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.comet.com\/site\/blog\/litellm-supply-chain-attack\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"LiteLLM Supply Chain Attack: What Happened, Who&#039;s Affected, and What You Should Do Right Now\" \/>\n<meta property=\"og:description\" content=\"LiteLLM \u2014 95 million downloads per month, a dependency of CrewAI, DSPy, Browser-Use, Opik, and nearly every major AI agent framework \u2014 was hit by a supply chain attack. Here is what happened, how we responded, and what you should do right now.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.comet.com\/site\/blog\/litellm-supply-chain-attack\/\" \/>\n<meta property=\"og:site_name\" content=\"Comet\" \/>\n<meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/cometdotml\" \/>\n<meta property=\"article:published_time\" content=\"2026-03-24T18:52:51+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2026-03-24T18:57:26+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.comet.com\/site\/wp-content\/uploads\/2026\/03\/comet-logo-larger.png\" \/>\n\t<meta property=\"og:image:width\" content=\"2560\" \/>\n\t<meta property=\"og:image:height\" content=\"1440\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/png\" \/>\n<meta name=\"author\" content=\"Nimrod Lahav\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@Cometml\" \/>\n<meta name=\"twitter:site\" content=\"@Cometml\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Nimrod Lahav\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"5 minutes\" \/>\n<!-- \/ Yoast SEO Premium plugin. -->","yoast_head_json":{"title":"LiteLLM Supply Chain Attack: What Happened, Who's Affected, and What You Should Do Right Now - Comet","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.comet.com\/site\/blog\/litellm-supply-chain-attack\/","og_locale":"en_US","og_type":"article","og_title":"LiteLLM Supply Chain Attack: What Happened, Who's Affected, and What You Should Do Right Now","og_description":"LiteLLM \u2014 95 million downloads per month, a dependency of CrewAI, DSPy, Browser-Use, Opik, and nearly every major AI agent framework \u2014 was hit by a supply chain attack. Here is what happened, how we responded, and what you should do right now.","og_url":"https:\/\/www.comet.com\/site\/blog\/litellm-supply-chain-attack\/","og_site_name":"Comet","article_publisher":"https:\/\/www.facebook.com\/cometdotml","article_published_time":"2026-03-24T18:52:51+00:00","article_modified_time":"2026-03-24T18:57:26+00:00","og_image":[{"width":2560,"height":1440,"url":"https:\/\/www.comet.com\/site\/wp-content\/uploads\/2026\/03\/comet-logo-larger.png","type":"image\/png"}],"author":"Nimrod Lahav","twitter_card":"summary_large_image","twitter_creator":"@Cometml","twitter_site":"@Cometml","twitter_misc":{"Written by":"Nimrod Lahav","Est. reading time":"5 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.comet.com\/site\/blog\/litellm-supply-chain-attack\/#article","isPartOf":{"@id":"https:\/\/www.comet.com\/site\/blog\/litellm-supply-chain-attack\/"},"author":{"name":"Nimrod Lahav","@id":"https:\/\/www.comet.com\/site\/#\/schema\/person\/4a54423cd21e28c248c2a6a5d9ca2017"},"headline":"LiteLLM Supply Chain Attack: What Happened, Who&#8217;s Affected, and What You Should Do Right Now","datePublished":"2026-03-24T18:52:51+00:00","dateModified":"2026-03-24T18:57:26+00:00","mainEntityOfPage":{"@id":"https:\/\/www.comet.com\/site\/blog\/litellm-supply-chain-attack\/"},"wordCount":1111,"commentCount":0,"publisher":{"@id":"https:\/\/www.comet.com\/site\/#organization"},"image":{"@id":"https:\/\/www.comet.com\/site\/blog\/litellm-supply-chain-attack\/#primaryimage"},"thumbnailUrl":"https:\/\/www.comet.com\/site\/wp-content\/uploads\/2026\/03\/comet-logo-larger.png","articleSection":["LLMOps","Machine Learning"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/www.comet.com\/site\/blog\/litellm-supply-chain-attack\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/www.comet.com\/site\/blog\/litellm-supply-chain-attack\/","url":"https:\/\/www.comet.com\/site\/blog\/litellm-supply-chain-attack\/","name":"LiteLLM Supply Chain Attack: What Happened, Who's Affected, and What You Should Do Right Now - Comet","isPartOf":{"@id":"https:\/\/www.comet.com\/site\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.comet.com\/site\/blog\/litellm-supply-chain-attack\/#primaryimage"},"image":{"@id":"https:\/\/www.comet.com\/site\/blog\/litellm-supply-chain-attack\/#primaryimage"},"thumbnailUrl":"https:\/\/www.comet.com\/site\/wp-content\/uploads\/2026\/03\/comet-logo-larger.png","datePublished":"2026-03-24T18:52:51+00:00","dateModified":"2026-03-24T18:57:26+00:00","breadcrumb":{"@id":"https:\/\/www.comet.com\/site\/blog\/litellm-supply-chain-attack\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.comet.com\/site\/blog\/litellm-supply-chain-attack\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.comet.com\/site\/blog\/litellm-supply-chain-attack\/#primaryimage","url":"https:\/\/www.comet.com\/site\/wp-content\/uploads\/2026\/03\/comet-logo-larger.png","contentUrl":"https:\/\/www.comet.com\/site\/wp-content\/uploads\/2026\/03\/comet-logo-larger.png","width":2560,"height":1440},{"@type":"BreadcrumbList","@id":"https:\/\/www.comet.com\/site\/blog\/litellm-supply-chain-attack\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.comet.com\/site\/"},{"@type":"ListItem","position":2,"name":"LiteLLM Supply Chain Attack: What Happened, Who&#8217;s Affected, and What You Should Do Right Now"}]},{"@type":"WebSite","@id":"https:\/\/www.comet.com\/site\/#website","url":"https:\/\/www.comet.com\/site\/","name":"Comet","description":"Build Better Models Faster","publisher":{"@id":"https:\/\/www.comet.com\/site\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.comet.com\/site\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.comet.com\/site\/#organization","name":"Comet ML, Inc.","alternateName":"Comet","url":"https:\/\/www.comet.com\/site\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.comet.com\/site\/#\/schema\/logo\/image\/","url":"https:\/\/www.comet.com\/site\/wp-content\/uploads\/2025\/01\/logo_comet_square.png","contentUrl":"https:\/\/www.comet.com\/site\/wp-content\/uploads\/2025\/01\/logo_comet_square.png","width":310,"height":310,"caption":"Comet ML, Inc."},"image":{"@id":"https:\/\/www.comet.com\/site\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/www.facebook.com\/cometdotml","https:\/\/x.com\/Cometml","https:\/\/www.youtube.com\/channel\/UCmN63HKvfXSCS-UwVwmK8Hw"]},{"@type":"Person","@id":"https:\/\/www.comet.com\/site\/#\/schema\/person\/4a54423cd21e28c248c2a6a5d9ca2017","name":"Nimrod Lahav","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.comet.com\/site\/#\/schema\/person\/image\/32c89ff6d2f054014472f77885cf369b","url":"https:\/\/www.comet.com\/site\/wp-content\/uploads\/2026\/03\/nimrod-lahav-96x96.jpeg","contentUrl":"https:\/\/www.comet.com\/site\/wp-content\/uploads\/2026\/03\/nimrod-lahav-96x96.jpeg","caption":"Nimrod Lahav"},"description":"A computer scientist and software engineer, Nimrod is Comet's co-founder and CTO. He held leadership and engineering roles at Wix, VMware and Amdocs. He later co-founded GroupWize, whose team trained and deployed more than 50 natural language processing (NLP) models in 15 languages to analyze chat messages. He holds a bachelor\u2019s degree from the Academic College of Tel Aviv, Yaffo (MTA).","url":"https:\/\/www.comet.com\/site\/blog\/author\/nimrod\/"}]}},"_links":{"self":[{"href":"https:\/\/www.comet.com\/site\/wp-json\/wp\/v2\/posts\/19305","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.comet.com\/site\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.comet.com\/site\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.comet.com\/site\/wp-json\/wp\/v2\/users\/139"}],"replies":[{"embeddable":true,"href":"https:\/\/www.comet.com\/site\/wp-json\/wp\/v2\/comments?post=19305"}],"version-history":[{"count":2,"href":"https:\/\/www.comet.com\/site\/wp-json\/wp\/v2\/posts\/19305\/revisions"}],"predecessor-version":[{"id":19315,"href":"https:\/\/www.comet.com\/site\/wp-json\/wp\/v2\/posts\/19305\/revisions\/19315"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.comet.com\/site\/wp-json\/wp\/v2\/media\/19318"}],"wp:attachment":[{"href":"https:\/\/www.comet.com\/site\/wp-json\/wp\/v2\/media?parent=19305"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.comet.com\/site\/wp-json\/wp\/v2\/categories?post=19305"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.comet.com\/site\/wp-json\/wp\/v2\/tags?post=19305"},{"taxonomy":"author","embeddable":true,"href":"https:\/\/www.comet.com\/site\/wp-json\/wp\/v2\/coauthors?post=19305"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}