LiteLLM Dumps Controversial Security Partner After Malware Nightmare

LiteLLM just made a public split from its security compliance partner, Delve. If you build with AI, you probably know LiteLLM as the gateway millions of developers use to connect different models. They recently had a very bad week when their open-source version got hit by malware that steals credentials. This security breach pushed the company to take a hard look at who was supposed to be keeping their house in order. They decided that Delve was no longer up to the task.

Before this mess happened, LiteLLM used Delve to get two major security certifications. These pieces of paper are supposed to prove to the world that a startup has real procedures in place to stop hackers. They are meant to minimize risks and keep user data safe. But lately, people have been asking if those certifications are even worth the digital ink they are printed on. LiteLLM is not taking any more chances and wants to redo its entire security audit from the ground up with a new team.

Delve is currently at the center of a huge scandal in the tech world. Critics accuse the startup of lying to its customers about their true security status. There are claims that Delve used fake data to pass audits and hired auditors who just rubber-stamped reports without actually checking the work. The founder of Delve has denied everything and even offered free re-tests to anyone who is worried. But that denial only made things worse. An anonymous whistleblower recently released what look like internal receipts that back up the claims of fraud.

The drama reached a breaking point on Monday. LiteLLM’s CTO, Ishaan Jaffer, posted on X that his company is moving over to Vanta, which is one of Delve’s biggest competitors. They aren’t just switching software; they are also finding their own independent auditor to verify that their security controls actually work. Jaffer and his team want to prove to their millions of users that they take security seriously. After the malware incident last week, they know they have a lot of trust to rebuild.

This move is a huge blow for Delve. When a major player like LiteLLM walks away so publicly, it sends a signal to every other startup in the valley. Security compliance is supposed to be about safety, not just checking a box to make investors happy. If the tools used to verify security are broken, then the whole system falls apart. LiteLLM is voting with its feet and its wallet by choosing a partner that hasn’t been hit with these kinds of allegations.

The fallout from this will likely continue for months. Other companies that used Delve are now looking over their shoulders and wondering if their own security certificates are fake. For LiteLLM, the focus is now on recovery. They need to show their developer community that the gateway is once again a safe place to build the future of AI. By cutting ties with Delve and starting fresh, they are trying to put this dark chapter behind them and get back to what they do best.