
Silicon Valley’s Two Biggest Dramas: LiteLLM and Delve


In a turn of events that seems straight out of an HBO satire, Silicon Valley is currently grappling with two significant dramas involving LiteLLM and Delve. This week, a serious security breach was uncovered in an open-source project developed by LiteLLM, a Y Combinator graduate that has quickly gained popularity among developers.

What is LiteLLM?

LiteLLM is a platform that provides developers with easy access to hundreds of AI models, along with features such as spend management. The project has seen remarkable success, with downloads reaching as high as 3.4 million per day, according to Snyk, a company that specializes in security research. On GitHub, LiteLLM boasts over 40,000 stars and thousands of forks, indicating its widespread use and adoption by developers.

The Malware Incident

The malware in question was discovered by Callum McMahon, a research scientist at FutureSearch, a company that offers AI agents for web research. The malware infiltrated LiteLLM through a “dependency,” which refers to other open-source software that LiteLLM relies upon. Once inside, the malware began stealing login credentials from everything it accessed. This led to a cascading effect where the malware gained access to more open-source packages and accounts, harvesting even more credentials.

McMahon’s machine experienced a shutdown after he downloaded LiteLLM, prompting him to investigate further. Ironically, a flaw in the malware’s design caused his machine to crash, leading him and renowned AI researcher Andrej Karpathy to conclude that the code was poorly written and likely “vibe coded.”

Response from LiteLLM

In the wake of the incident, LiteLLM’s developers have been working tirelessly to address the situation. Fortunately, the malware was identified relatively quickly, likely within hours. However, as of March 25, LiteLLM’s website still proudly displays its compliance with two major security certifications: SOC 2 and ISO 27001.

The Role of Delve

Delve, the startup that assisted LiteLLM in obtaining these certifications, is currently under scrutiny. The company has been accused of misleading its customers regarding their compliance status by allegedly generating fake data and using auditors who merely rubber-stamp reports. Delve has denied these allegations, maintaining that they provide legitimate compliance services.

Understanding Security Certifications

Security certifications like SOC 2 are designed to demonstrate that a company has robust security policies in place to mitigate risks, including incidents like malware infiltration. However, these certifications do not guarantee that a company will be immune to such attacks. As pointed out by engineer Gergely Orosz on social media, the irony of the situation is palpable: “Oh damn, I thought this WAS a joke… but no, LiteLLM really was ‘Secured by Delve.’”

Current Status and Future Steps

As LiteLLM continues to deal with the fallout from the malware incident, CEO Krrish Dholakia has refrained from commenting on the relationship with Delve. Instead, he emphasized that the company’s current priority is to actively investigate the breach alongside Mandiant, a cybersecurity firm. Dholakia stated, “We are committed to sharing the technical lessons learned with the developer community once our forensic review is complete.”

Conclusion

The intersection of LiteLLM and Delve highlights the complexities of security in the tech industry, especially within the realm of open-source software. As developers increasingly rely on such platforms, the importance of robust security measures and transparent compliance practices cannot be overstated. The ongoing investigation and subsequent actions taken by LiteLLM will likely serve as a cautionary tale for other startups in Silicon Valley and beyond.

Note: The information provided in this article is based on the latest developments as of March 2026 and may be subject to change as the situation evolves.
