LiteLLM, creators of a widely-used AI gateway for developers, has announced its decision to part ways with compliance startup Delve and will seek security certifications through another company and auditor. This decision follows an incident where LiteLLM’s open source version was targeted by credential-stealing malware.
Before this breach, LiteLLM had secured two security compliance certifications via AI compliance startup Delve, intended to confirm the company had effective procedures to mitigate potential issues.
Delve has faced accusations of deceiving customers about their compliance status by allegedly fabricating data and using auditors who merely rubber-stamped reports. Delve’s founder has denied these claims and offered free re-tests and audits to all customers. However, this denial prompted a whistleblower to release purported evidence of fake compliance.
On Monday, LiteLLM CTO Ishaan Jaffer announced on X that the company will be switching to Delve’s competitor, Vanta, for re-certification and will hire an independent third-party auditor to assess its compliance measures. After a difficult week, LiteLLM is taking decisive action.