LiteLLM and Delve controversies collide in Silicon Valley

Two major Silicon Valley controversies involving LiteLLM and Delve have intersected, raising concerns over compliance, transparency, and AI platform trust.

Mar 31, 2026 - 20:30
Image credits: LiteLLM

This situation is one of those rare Silicon Valley moments that feels almost scripted, like something out of an HBO satire. This week, a serious malware issue was uncovered in an open-source project created by Y Combinator-backed startup LiteLLM.

Developers widely use LiteLLM to access hundreds of AI models and manage usage costs. The project has seen rapid adoption, with downloads reaching as high as 3.4 million per day, according to Snyk, one of several firms tracking the incident. On GitHub, it had amassed around 40,000 stars and thousands of forks from developers building on top of it.

The malware was identified and reported by research scientist Callum McMahon from FutureSearch, a company that develops AI agents for web-based research. The malicious code entered through a dependency — meaning an external piece of open-source software that LiteLLM relied on.

Once installed, the malware began extracting login credentials from affected systems. Using those credentials, it gained access to additional open-source packages and developer accounts, allowing it to continue harvesting sensitive data in a chain-like fashion.
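Because the malicious code arrived through a dependency rather than through LiteLLM's own source, the defensive control that matters here is verifying that every installed package is the exact artifact that was reviewed. The following is an added illustration written for this article, not code from LiteLLM, FutureSearch or Snyk: it parses a pip-style lockfile that pins versions and sha256 hashes and refuses any artifact that is unpinned, has no hash, or does not match. The package names, lockfile text and artifact bytes are constructed for the example and do not describe the real incident.

```python
import hashlib
import re
from dataclasses import dataclass, field


@dataclass
class Pin:
    """Pinned version plus the set of acceptable sha256 digests for one package."""
    version: str
    hashes: set = field(default_factory=set)


# "name==version" at the start of a (joined) requirement line
_REQ_RE = re.compile(r"^([A-Za-z0-9_.\-]+)==([^\s\\]+)")
# pip's --hash=sha256:<hex> option, possibly repeated for several wheels
_HASH_RE = re.compile(r"--hash=sha256:([0-9a-f]{64})")


def _canonical(name: str) -> str:
    # Normalise the way PyPI does so "Foo_Bar" and "foo-bar" compare equal
    return name.lower().replace("_", "-")


def parse_pinned_requirements(text: str) -> dict:
    """Parse a requirements file into {canonical name: Pin}.

    Continuation lines (trailing backslash) are joined first, since pip
    lockfiles usually put each --hash on its own line. A requirement that
    is not an exact '==' pin is rejected outright.
    """
    joined = text.replace("\\\n", " ")
    pins = {}
    for line in joined.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        m = _REQ_RE.match(line)
        if not m:
            raise ValueError(f"unpinned or unparsable requirement: {line!r}")
        pins[_canonical(m.group(1))] = Pin(m.group(2), set(_HASH_RE.findall(line)))
    return pins


def verify_artifact(name: str, version: str, data: bytes, pins: dict):
    """Decide whether a downloaded artifact may be installed.

    Returns (ok, reason). Every failure path is explicit so that a build
    log shows *why* an install was refused rather than silently proceeding.
    """
    pin = pins.get(_canonical(name))
    if pin is None:
        return False, "package not in lockfile"
    if pin.version != version:
        return False, f"version {version} differs from pinned {pin.version}"
    if not pin.hashes:
        # A version pin alone does not bind the bytes: a republished or
        # hijacked release with the same version number would still pass.
        return False, "no hash pinned; refusing to trust unverified artifact"
    digest = hashlib.sha256(data).hexdigest()
    if digest not in pin.hashes:
        return False, "sha256 mismatch: artifact differs from the reviewed release"
    return True, "ok"


# Constructed sample data (hypothetical package names, not real releases)
GOOD_ARTIFACT = b"constructed wheel bytes for examplepkg 1.2.3"
GOOD_HASH = hashlib.sha256(GOOD_ARTIFACT).hexdigest()
SAMPLE_LOCKFILE = (
    f"examplepkg==1.2.3 \\\n"
    f"    --hash=sha256:{GOOD_HASH}\n"
    "# this dependency was pinned by version only, which is not enough\n"
    "otherpkg==0.9.0\n"
)


if __name__ == "__main__":
    pins = parse_pinned_requirements(SAMPLE_LOCKFILE)
    for pkg, ver, blob in [
        ("examplepkg", "1.2.3", GOOD_ARTIFACT),
        ("examplepkg", "1.2.3", b"tampered bytes"),
        ("otherpkg", "0.9.0", b"anything"),
    ]:
        print(pkg, ver, verify_artifact(pkg, ver, blob, pins))
```

The point of the hash check is that a version pin only names a release; it does not bind the bytes. A compromised maintainer account or a replaced upload can ship different contents under an existing version number, and only a digest recorded at review time catches that. Running such a check in CI, with install refused on any failure, is the kind of dependency control the compliance frameworks discussed below expect to see in place.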

The issue came to light when McMahon’s machine unexpectedly shut down after installing LiteLLM, prompting him to investigate. Ironically, a flaw in the malware itself caused the system crash that exposed it. Due to the poor quality of the malicious code, both McMahon and AI researcher Andrej Karpathy suggested it may have been hastily created, possibly using automated coding tools.

LiteLLM’s development team has been working continuously to address the issue. Fortunately, the malware was detected relatively quickly, likely within hours, limiting the potential damage.

At the same time, another controversy has emerged, drawing significant attention online. As of March 25, LiteLLM’s website still displayed claims that it had achieved major security certifications, including SOC 2 and ISO 27001.

These certifications were obtained through Delve, another Y Combinator-backed company. Delve has recently faced allegations of misleading customers about compliance standards by allegedly generating fabricated data and relying on auditors who reportedly approved reports without proper verification. The company has denied these claims.

Certifications like SOC 2 and ISO 27001 are designed to demonstrate that a company has strong security policies and processes in place. They do not, however, guarantee immunity from incidents such as malware attacks. While SOC 2 includes guidelines for managing software dependencies, vulnerabilities can still arise.

Even so, the overlap between LiteLLM’s security claims and the Delve controversy has sparked widespread discussion. Engineer Gergely Orosz commented on X, expressing surprise that LiteLLM was listed as “Secured by Delve,” highlighting the irony.

As for LiteLLM, CEO Krrish Dholakia declined to comment on the company’s use of Delve, as the team remains focused on resolving the security incident.

“Our current priority is the active investigation alongside Mandiant. We are committed to sharing the technical lessons learned with the developer community once our forensic review is complete,” he said.

Shivangi Yadav reports on startups, technology policy, and other significant technology-focused developments in India for TechAmerica.Ai. She previously worked as a research intern at ORF.