OPEN_SOURCE
REDDIT // 18d ago // SECURITY INCIDENT
LiteLLM supply-chain attack spurs alternatives
LiteLLM's compromised PyPI releases turned a common LLM gateway into a supply-chain risk for teams that weren't pinning dependencies tightly. The thread reads like a migration shortlist: Bifrost for the closest drop-in swap, Kosong for agent-heavy orchestration, and Helicone for observability-first routing.
// ANALYSIS
This is the kind of incident that turns an API wrapper into critical infrastructure overnight, and the "alternatives" are really three different stack choices.
- Bifrost is the nearest like-for-like replacement if you want the same OpenAI-compatible gateway shape; it is Go-native, Apache 2.0, supports 20+ providers, and mostly asks you to change the base URL.
- Kosong is the most interesting if your app is really an agent runtime. It comes out of MoonshotAI/Kimi CLI and focuses on message normalization and async tool orchestration, not just provider proxying.
- Helicone is the heaviest option but also the most complete: gateway routing plus analytics, tracing, and prompt management in one stack.
- The benchmark claims are strong enough to justify a pilot, but I would still verify them on your own workload before moving production traffic.
- The bigger lesson is supply-chain hygiene: pin exact versions, isolate secrets, and assume any gateway dependency can become a blast radius multiplier.
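The "pin exact versions" point is easy to state and easy to get half right: `litellm==1.40.0` pins a version string, but pip will still install whatever artifact the index serves under that version, which is exactly what a compromised release does. The script below is an added example (not code from the thread, LiteLLM, Bifrost, Kosong or Helicone) that audits a requirements file for both properties: an exact `==` pin on every dependency, and a `--hash=sha256:` per pinned release so that `pip install --require-hashes` refuses a substituted wheel. The sample requirements file and the hash value in it are constructed placeholders, not real release hashes.

```python
"""Audit a pip requirements file for supply-chain pinning hygiene.

Added example, not from the Reddit thread or any of the gateways it
names. Two checks per dependency line:
  1. pinned with '==' (no floating ranges such as '>=' or '~=')
  2. carries a '--hash=sha256:...' so 'pip install --require-hashes'
     can reject an artifact that differs from the one reviewed.
"""
import re
from dataclasses import dataclass

UNPINNED = "not pinned to an exact version"
NO_HASH = "exact pin without --hash (pip cannot verify the artifact)"

# name, optional extras such as [proxy], '==', version up to a marker/space
EXACT_PIN = re.compile(r"^([A-Za-z0-9][A-Za-z0-9._-]*)(\[[^\]]*\])?==([^\s;#]+)")
NAME_ONLY = re.compile(r"^([A-Za-z0-9][A-Za-z0-9._-]*)")

# Constructed sample lockfile; the sha256 value is a placeholder.
SAMPLE_REQUIREMENTS = """\
--index-url https://pypi.org/simple
litellm>=1.40            # floating range: any newer 1.x release is accepted
openai==1.30.1           # exact version, but no hash on the artifact
httpx==0.27.0 \\
    --hash=sha256:0000000000000000000000000000000000000000000000000000000000000001
"""


@dataclass
class Finding:
    package: str
    problem: str


def _logical_lines(text):
    """Yield requirement lines with comments stripped and
    backslash continuations joined (pip's own line rules)."""
    buf = ""
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].rstrip()
        if line.endswith("\\"):
            buf += line[:-1] + " "
            continue
        buf += line
        if buf.strip():
            yield buf.strip()
        buf = ""
    if buf.strip():
        yield buf.strip()


def audit_requirements(text):
    """Return a Finding for every dependency that is not exact-pinned
    or lacks a hash. Option lines (--index-url, -e, -r) are skipped."""
    findings = []
    for line in _logical_lines(text):
        if line.startswith("-"):
            continue
        m = EXACT_PIN.match(line)
        if not m:
            name = NAME_ONLY.match(line)
            findings.append(Finding(name.group(1) if name else line, UNPINNED))
            continue
        if "--hash=sha256:" not in line:
            findings.append(Finding(m.group(1), NO_HASH))
    return findings


def is_fully_pinned(text):
    """True only when every dependency is exact-pinned and hashed."""
    return not audit_requirements(text)


if __name__ == "__main__":
    for f in audit_requirements(SAMPLE_REQUIREMENTS):
        print(f"{f.package}: {f.problem}")
    print("fully pinned:", is_fully_pinned(SAMPLE_REQUIREMENTS))
```

Run against the sample, `litellm` is reported as unpinned and `openai` as pinned-but-unhashed, while `httpx` passes. In CI the useful gate is `is_fully_pinned()` on the real lockfile plus installing with `pip install --require-hashes -r requirements.txt`, which makes pip itself fail the build if any artifact's hash differs from the one checked into the repository.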
// TAGS
litellm · bifrost · helicone · kosong · llm · api · open-source · self-hosted
DISCOVERED
18d ago
2026-03-25
PUBLISHED
18d ago
2026-03-25
RELEVANCE
8 / 10
AUTHOR
KissWild