LiteLLM, the maker of the popular AI gateway used by millions of developers, has publicly announced that it is dropping compliance startup Delve and redoing its security certifications with a different company and auditor. The announcement comes after the open source version of LiteLLM fell victim to a serious credential-stealing malware attack last week.
Prior to the incident, LiteLLM had hired AI compliance startup Delve to obtain two security compliance certifications. Such certifications are intended to validate that a company has procedures in place to minimize potential incidents.
Delve is accused of misleading customers about their actual compliance by allegedly generating false data and using auditors who rubber-stamped reports. Delve’s founders denied these allegations and offered all customers a free retest and audit. That denial prompted anonymous Delve whistleblowers to step up their action by releasing purported receipts over the weekend.
On Monday, LiteLLM CTO Ishaan Jaffer posted on X that his company plans to use Delve competitor Vanta for recertification and find its own independent third-party auditor to verify compliance controls. After such a tough week, LiteLLM is voting with its feet.
