Governance, Risk and Compliance, AI/ML, Audits (External, Internal)

LiteLLM ditches Delve after malware attack

Digital compliance and data security concept with a holographic document surrounded by legal and regulatory icons, protected by hands in a dark background.

Per TechCrunch, LiteLLM, a popular AI gateway provider used by millions of developers, has announced it is discontinuing its relationship with compliance startup Delve. This decision follows a recent security incident where the open-source version of LiteLLM was compromised by credential-stealing malware.

The incident occurred shortly after LiteLLM had obtained two security compliance certifications from Delve. These certifications are designed to assure users that a company has implemented robust security measures. However, allegations have surfaced that Delve may have misled customers by fabricating data and using auditors who allegedly rubber-stamped reports.

Despite denials from Delve's founder, a whistleblower has released further alleged evidence. In response, LiteLLM CTO Ishaan Jaffer stated on X that the company will pursue recertification with Vanta, a competitor to Delve, and will engage an independent third-party auditor.

Source: TechCrunch

An In-Depth Guide to AI

Get essential knowledge and practical strategies to use AI to better your security program.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms of Use and Privacy Policy.

You can skip this ad in 5 seconds