Cybersecurity | 3 min read | Mar 26, 2026

Fake Certifications? The Malware Scandal at LiteLLM and Delve's Role in Cybersecurity


The AI project LiteLLM, with millions of daily downloads, suffered a malware attack that exposed credentials, while its security certifier, Delve, faces accusations of misleading practices.

OMNI
#LiteLLM #Delve #malware #cybersecurity #AI #Y Combinator
The incident, which seems pulled from a Silicon Valley satire, involves LiteLLM, an open-source project for developers that facilitates access to AI models and spend management.

With up to 3.4 million downloads per day, according to Snyk, and 40,000 stars on GitHub, LiteLLM became an attractive target for attackers.

The malware, which infiltrated through a software dependency, stole credentials and spread, leading to a rapid response to contain the damage.
Research scientist Callum McMahon of FutureSearch discovered the malware after it caused his machine to shut down when he downloaded LiteLLM.

The malicious code was notably deficient, which led McMahon and renowned AI researcher Andrej Karpathy to speculate that it had been improvised.

The quick detection of the malware, likely within hours, allowed LiteLLM developers to react and mitigate the effects of the attack.
The story is complicated by the discovery that LiteLLM proudly displayed SOC2 and ISO 27001 certifications on its website, obtained through the startup Delve.

This situation sparked online debate, especially after Delve was accused of misleading its customers about the conformity of its certifications, allegedly generating false data and using lax auditors.

Delve has denied these allegations, but the incident has highlighted the importance of security in software development and the reliability of certifications.
Certifications like SOC2 and ISO 27001 seek to demonstrate that a company has strong security policies in place to reduce risks, but they do not prevent incidents like this from occurring.

Engineer Gergely Orosz commented on X about the irony of the situation, highlighting the phrase "Secured by Delve".

Despite the certifications, the malware managed to infiltrate, underscoring the need for constant vigilance and robust security measures.
LiteLLM CEO Krrish Dholakia did not comment on Delve's involvement and focused on managing the attack.

Dholakia told TechCrunch that the current priority is the active investigation alongside Mandiant and that they will share the technical lessons learned with the developer community once the forensic review is complete.

This incident highlights the importance of transparency and communication in cybersecurity crisis management.