- LiteLLM, a widely used AI gateway startup, publicly announced it is dropping compliance partner Delve and switching to competitor Vanta for security recertification.
- The decision followed a credential-stealing malware attack on LiteLLM’s open-source version that compromised versions 1.82.7 and 1.82.8 through a CI/CD pipeline exploit.
- Delve faces separate allegations from anonymous whistleblowers of generating fake compliance data and using auditors who rubber-stamped reports without proper verification.
- LiteLLM CTO Ishaan Jaffer said the company will engage an independent third-party auditor to verify its compliance controls going forward.
What Happened
LiteLLM, a San Francisco-based AI gateway startup used by millions of developers, announced that it is cutting ties with Delve, the compliance startup it had hired to handle its security certifications. LiteLLM CTO Ishaan Jaffer posted on X that the company will redo its security certifications using Delve competitor Vanta and will hire its own independent third-party auditor to verify compliance controls separately.
The announcement came in the wake of a credential-stealing malware attack that hit LiteLLM’s open-source project the previous week, raising immediate questions about the effectiveness of the security compliance work Delve had performed for the company.
Why It Matters
LiteLLM provides critical infrastructure for integrating AI capabilities into applications, serving as a gateway layer that lets developers route requests across multiple large language model providers through a single API. A malware compromise in that kind of infrastructure can cascade across thousands of downstream applications and organizations that depend on LiteLLM to manage their AI API traffic.
The incident intersected with a separate, growing controversy around Delve itself. As TechCrunch reporter Julie Bort reported on March 26, anonymous whistleblowers accused Delve of generating fake compliance data and employing auditors who rubber-stamped reports without proper verification. Additional alleged internal documents surfaced over the following weekend, intensifying scrutiny of the compliance startup’s practices.
The convergence of these two stories created what Bort described as an intersection of “Silicon Valley’s two biggest dramas.” LiteLLM had trusted Delve to certify its security controls. When a malware attack penetrated those controls, the value of Delve’s certifications came under direct question.
Technical Details
The malware attack targeted LiteLLM’s open-source version and was designed to harvest user credentials. Security researchers identified the attack vector as a Trivy CI/CD pipeline compromise that injected malicious code into versions 1.82.7 and 1.82.8 of the LiteLLM package. The group behind the attack has been identified as TeamPCP by The Hacker News.
The breach had real downstream consequences. AI hiring platform Mercor confirmed it was hit by a cyberattack tied to the LiteLLM supply chain compromise, with hackers claiming to possess 4 terabytes of critical data from Mercor’s systems. The incident illustrates how a single compromised dependency in the AI toolchain can ripple outward to affect enterprise customers.
Prior to the incident, LiteLLM had obtained two security compliance certifications through Delve. The timing of the malware attack, arriving while Delve-certified security controls were supposedly in place, raised pointed questions about whether those certifications reflected actual security practices or merely procedural checkboxes.
Delve’s founder denied the whistleblower allegations and offered free re-tests and audits to all customers. However, LiteLLM chose to move to Vanta regardless, signaling a complete loss of confidence in Delve’s certification process.
Who’s Affected
Developers and organizations using LiteLLM’s open-source gateway need to verify they are running patched versions and audit their credential stores for potential exposure. Any organization that ran versions 1.82.7 or 1.82.8 should treat stored credentials as potentially compromised and rotate them.
Delve’s other customers face uncertainty about the validity of their own compliance certifications. Companies that obtained SOC 2 or similar certifications through Delve may need to consider independent re-audits, particularly if they operate in regulated industries where compliance documentation must withstand scrutiny from customers, auditors, or regulators.
What’s Next
LiteLLM’s recertification through Vanta with an independent auditor will take time, and the company has not disclosed a timeline for completing the process. The broader fallout depends on whether Delve’s whistleblower allegations are substantiated through further investigation or regulatory action. For the AI infrastructure ecosystem, the incident highlights a systemic risk: open-source projects that sit in the critical path of AI deployments are attractive targets for supply chain attacks, and compliance certifications alone do not guarantee security.
