LiteLLM, makers of a popular AI gateway used by millions of developers, has publicly announced that it is ditching compliance startup Delve and will redo its security certifications with another company and auditor. The announcement comes after LiteLLM’s open source version fell victim to some horrific credential-stealing malware last week.
Prior to the incident, LiteLLM had obtained two security compliance certifications by hiring AI compliance startup Delve. Such certifications are intended to verify that a company has procedures in place to minimize potential incidents.
Delve has been accused of misleading its customers about their true compliance by allegedly generating fake data and using auditors that rubber-stamped their reports. Delve’s founder has denied those allegations and offered free re-tests and audits to all of its customers. That denial encouraged the anonymous Delve whistleblower to double down, including releasing alleged receipts over the weekend.
On Monday, LiteLLM CTO Ishaan Jaffer posted on X that his company will be using Delve competitor Vanta to re-certify and will find its own, independent third-party auditor to verify its compliance controls. After such a harsh week, LiteLLM is voting with its feet.
