LiteLLM Cuts Ties with Delve, Seeks New Security Audit After Breach

LiteLLM, the company behind a widely-used AI gateway, is ending its relationship with compliance provider Delve. The move follows a security incident last week where malware compromised credentials in LiteLLM's open-source software.

Before the breach, LiteLLM had secured two security certifications through Delve, which were meant to demonstrate established protective procedures. Delve now faces serious accusations from a whistleblower, who claims the startup fabricated compliance data and used auditors who did not conduct proper reviews. Delve's founder has rejected these claims and offered free re-audits to clients, a response that prompted the anonymous source to release further alleged evidence.

On Monday, LiteLLM co-founder Ishaan Jaffer stated the company will switch to Delve rival Vanta for its certification framework. Jaffer also confirmed LiteLLM will hire an independent, third-party auditor to validate its security controls. This decisive action represents a significant setback for Delve, as a prominent client publicly withdraws its business in the wake of damaging allegations and a real-world security failure. For LiteLLM's users, the priority is restoring trust through transparent and verified security practices.

Source: TechCrunch