Why Seracade Doesn't Install Anything on Your Machine
PyPI supply chain attacks are not hypothetical. Compromised packages regularly ship credential stealers that run on every Python process where they are installed, often reaching tens of thousands of downloads before removal. Every locally installed dependency is an additional surface for this class of attack.
This is the risk of installing LLM tooling as a package in your environment. Every dependency is a trust decision. Every update is a potential attack surface.
How most LLM proxies work
- You install a Python or Node.js package
- The package runs in your process, with access to all your environment variables
- It depends on dozens of transitive dependencies, any of which could be compromised
- You self-host the proxy on your infrastructure (Docker, K8s, etc.)
- Every pip install or npm update is a supply chain risk
How Seracade works
- You change one environment variable: OPENAI_BASE_URL=seracade.com/v1
- No package installed. No pip, no npm, no Docker.
- The proxy runs on Cloudflare Workers at the edge, maintained by Seracade
- Your API key travels in the Authorization header (standard HTTPS), same as it does to OpenAI directly
- Seracade sees a SHA-256 hash of your key for identification. Never the key itself.
- Your code, your dependencies, your process — untouched
What this means for security
- Zero supply chain surface on your machine
- No transitive dependencies to audit
- No package updates to monitor for malicious changes
- No container to secure, patch, or maintain
- If Seracade's infrastructure were compromised, the worst case is your API calls fail (502). Your credentials are never at risk because they're never stored or processed by Seracade's code on your machine.
The tradeoff
- You trust Cloudflare's infrastructure (SOC 2 Type II certified)
- You trust that HTTPS between your app and Seracade is secure (TLS 1.3)
- You trust that Seracade's Worker doesn't exfiltrate your data (our code is auditable, and we plan to open-source the proxy)
- These are the same trust decisions you make when calling OpenAI, Anthropic, or Google directly
We built Seracade this way because we believe the safest code on your machine is code that isn't there. One env var. No install. No supply chain. That's the architecture.