LiteLLM, maker of a popular AI gateway used by millions of developers, said it is severing ties with compliance startup Delve and will redo its security certifications with another provider and auditor. The move follows a damaging week in which LiteLLM’s open source version was hit by credential-stealing malware.
Before that incident, LiteLLM had obtained two security compliance certifications by hiring AI compliance startup Delve. Those certifications are meant to confirm that a company has procedures in place to reduce the likelihood of security incidents. The reversal now raises fresh questions about the reliability of the earlier compliance work and about how LiteLLM intends to validate its controls going forward.
Delve has been accused of misleading customers about their actual compliance status by allegedly generating fake data and relying on auditors that rubber-stamped reports. Delve’s founder has denied those allegations and offered free re-tests and audits to all customers. The dispute intensified after an anonymous whistleblower renewed the claims and released alleged supporting receipts over the weekend.
On Monday, LiteLLM CTO Ishaan Jaffer posted on X that his company will be using Delve competitor Vanta to re-certify and will find its own, independent third-party auditor to verify its compliance controls. The decision signals a clear break from Delve as LiteLLM responds to both the fallout from the malware incident and the broader controversy surrounding Delve’s certification process.
