diff --git a/pyproject.toml b/pyproject.toml
index d5b290e5..f7e35a93 100644
--- a/pyproject.toml
+++ b/pyproject.toml
@@ -90,6 +90,13 @@ Homepage = "https://github.com/dreadnode/sdk"
 Repository = "https://github.com/dreadnode/sdk"
 Documentation = "https://docs.dreadnode.io"
 
+# Dependency constraints (transitive pinning)
+
+[tool.uv]
+constraint-dependencies = [
+    "litellm<1.82.6",  # Pin to mitigate supply chain attack (BerriAI/litellm#21971)
+]
+
 # Build
 
 [build-system]