PyPI Supply Chain Attack Hits LiteLLM, Gemini API Pricing Tiers Land, OpenAI Codex Goes Pay-As-You-Go
- PyPI + LiteLLM — Malicious package injects credential-harvesting code; affected users must rotate API keys.
- Gemini API — Published tiers: 2.5 Flash-Lite $0.10 input / $0.40 output; Flash $0.30/$2.50; 3.1 Flash-Lite Preview $0.25/$1.50; 3.1 Pro Preview $2–$4 / $12–$18 per million tokens. Batch API typically ~50% off.
- OpenAI Codex — Pay-as-you-go removes upfront commitment; opens Codex to smaller teams.
- Theme — Supply chain security and API monetization evolve in parallel as AI tooling scales.
The April 4, 2026 evening update highlights three stories: a PyPI supply chain attack targeting LiteLLM, new Gemini API pricing tiers, and OpenAI Codex moving to pay-as-you-go.
PyPI Supply Chain Attack Hits LiteLLM
Malicious package highlights AI-tooling supply chain fragility
Security Community · April 4, 2026
A supply chain attack compromised LiteLLM via a malicious PyPI package, injecting credential-harvesting code into downstream installations. Security teams issued mitigation guidance and advised affected users to rotate API keys for all providers including Anthropic ($3/$15 per million tokens on Sonnet 4.6), OpenAI, and Google (Gemini 2.5 Flash at $0.30/$2.50).
Tech Analysis
AI developer tooling depends on deep chains of open-source packages. Expect signed, reproducible builds, tighter dependency pinning, and runtime policy layers like Vercel’s deploy-time guardrails to become baseline.
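The "tighter dependency pinning" recommended above is concrete in the Python ecosystem: a lockfile that pins each package to an exact version and a sha256 digest, which pip enforces in `--require-hashes` mode, so a substituted or tampered distribution file fails to install. The following is an added example (not code from the page or from the LiteLLM project) that parses such a lockfile, flags entries that are not exactly pinned or carry no hash, and verifies downloaded artifacts against the pinned digests. The package names, file names, artifact bytes and hashes are all constructed for the example; they are not real release hashes.

```python
"""Verify downloaded Python distribution files against a hash-pinned lockfile.

Added example: mirrors the check pip performs under --require-hashes, using
constructed artifact bytes so it runs offline.
"""
import hashlib
import re

# Constructed stand-ins for two downloaded distribution files (in practice the
# .whl/.tar.gz files fetched with `pip download`). Bytes are made up.
ARTIFACTS = {
    "litellm-1.0.0-py3-none-any.whl": b"constructed wheel bytes for litellm",
    "requests-2.32.0-py3-none-any.whl": b"constructed wheel bytes for requests",
}


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


# Constructed lockfile in pip's --hash syntax. Digests are derived from the
# constructed bytes above (not real release hashes). The last entry deliberately
# has a range specifier and no hash, which the policy check must reject.
PINNED_REQUIREMENTS = f"""
# constructed lockfile
litellm==1.0.0 \\
    --hash=sha256:{sha256_hex(ARTIFACTS['litellm-1.0.0-py3-none-any.whl'])}
requests==2.32.0 \\
    --hash=sha256:{sha256_hex(ARTIFACTS['requests-2.32.0-py3-none-any.whl'])}
httpx>=0.27
"""

_REQ_RE = re.compile(r"^([A-Za-z0-9_.-]+)\s*([=<>!~]+)\s*([A-Za-z0-9_.+*-]+)")
_HASH_RE = re.compile(r"--hash=sha256:([0-9a-f]{64})")


def parse_pinned_requirements(text: str) -> dict:
    """Return {name: {"version", "exact", "hashes"}}, joining backslash-continued
    lines and skipping comments and blank lines."""
    pins, buf = {}, ""
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        if line.endswith("\\"):            # continuation: keep accumulating
            buf += line[:-1] + " "
            continue
        buf += line
        m = _REQ_RE.match(buf)
        if m:
            name, op, version = m.group(1).lower(), m.group(2), m.group(3)
            pins[name] = {
                "version": version,
                "exact": op == "==",
                "hashes": set(_HASH_RE.findall(buf)),
            }
        buf = ""
    return pins


def policy_violations(pins: dict) -> list:
    """Names not pinned to an exact version or carrying no sha256 hash."""
    return sorted(n for n, p in pins.items() if not p["exact"] or not p["hashes"])


def filename_name_version(filename: str) -> tuple:
    """Split 'name-version-...' from a wheel/sdist file name (PEP 427 layout)."""
    parts = filename.split("-")
    return parts[0].lower().replace("_", "-"), parts[1]


def verify_artifact(filename: str, data: bytes, pins: dict) -> tuple:
    """Return (ok, reason) for one downloaded file checked against the pins."""
    name, version = filename_name_version(filename)
    pin = pins.get(name)
    if pin is None:
        return False, f"{name}: not in lockfile"
    if not pin["exact"] or pin["version"] != version:
        return False, f"{name}: version {version} does not match pin {pin['version']}"
    if not pin["hashes"]:
        return False, f"{name}: no hash pinned"
    digest = sha256_hex(data)
    if digest not in pin["hashes"]:
        return False, f"{name}: sha256 mismatch ({digest[:12]}...)"
    return True, f"{name}=={version}: ok"


def verify_all(artifacts: dict, pins: dict) -> dict:
    return {fn: verify_artifact(fn, data, pins) for fn, data in artifacts.items()}


if __name__ == "__main__":
    pins = parse_pinned_requirements(PINNED_REQUIREMENTS)
    print("policy violations:", policy_violations(pins))
    for fn, (ok, reason) in verify_all(ARTIFACTS, pins).items():
        print("PASS" if ok else "FAIL", reason)
    # A single appended byte, as a substituted package would produce, fails the check.
    tampered = dict(ARTIFACTS)
    tampered["litellm-1.0.0-py3-none-any.whl"] += b"x"
    print(verify_all(tampered, pins)["litellm-1.0.0-py3-none-any.whl"])
```

The policy step matters as much as the digest check: a lockfile entry like `httpx>=0.27` leaves the resolver free to pick whatever version is on the index at install time, so the audit rejects it even before any file is downloaded.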
Google Launches Gemini API Pricing Tiers
Differentiated cost-performance bands for every workload profile
Google · April 4, 2026
Google laid out Gemini API pricing with distinct cost-performance bands. Documented rates per million tokens: Gemini 3.1 Pro Preview input $2.00 (≤200k tokens) or $4.00 (>200k), output $12.00–$18.00; Gemini 3.1 Flash-Lite Preview input $0.25, output $1.50; Gemini 2.5 Flash input $0.30, output $2.50; Gemini 2.5 Flash-Lite input $0.10, output $0.40. Batch API typically reduces costs by roughly 50%. Free-tier Google Search Grounding allows 500 requests per day shared across Flash and Flash-Lite.
Tech Analysis
Tiered pricing reflects enterprise maturity: production workloads need SLA guarantees; background analytics tolerate variable latency. Anthropic and OpenAI should be expected to respond with similar priority tiers beyond Anthropic’s existing $3/$15 Sonnet 4.6 rate.
OpenAI Codex Goes Pay-As-You-Go
Removing upfront commitment opens Codex to smaller teams
OpenAI · April 4, 2026
OpenAI moved Codex to pay-as-you-go pricing, removing the upfront commitment that had limited adoption among smaller teams. Developers can now access Codex on standard API terms, competing directly with Cursor Composer 2 ($0.50–$1.50 per million input tokens) and GitHub Copilot Pro ($20/month) among small and mid-sized teams.
Tech Analysis
Pay-as-you-go lowers the friction for CI/CD integration experiments and pressures both Claude Code and Cursor at the entry tier. Expect coding-agent pricing to converge toward a low-floor, high-ceiling structure tied to agent task duration.
Related
- Anthropic Agent Access Restrictions, Vercel Guardrails, Gemma 4 — April 4, 2026
- Claude Code Linux Vulnerability, AgentNews, Self-Distillation — April 5, 2026
- Google AI Edge Gallery, OpenAI 22B, Gemini API Tiers — April 6, 2026
- Google Gemma 4 Goes Open, OpenAI Acquires TBPN Media, Alibaba Launches Qwen3.6-Plus — AI Update for April 3, 2026
- Gemma 4 Open Models Debut, Gmail Hardens Gemini Privacy, OpenAI Pushes Industrial AI Policy — AI Evening Update for April 8, 2026
Sources
AI Biz Insider · AI Trends · aibizinsider.com
