
LiteLLM Ends Partnership with Delve AI

Summary

– LiteLLM is ending its partnership with compliance startup Delve and will redo its security certifications with a different company.
– This decision follows a security incident where LiteLLM’s open source software was compromised by credential-stealing malware.
– Delve had previously provided LiteLLM’s security certifications, which are meant to verify a company’s incident prevention procedures.
– Delve faces accusations of generating fake compliance data and using auditors that rubber-stamped its reports, which its founder denies.
– LiteLLM will now use Delve’s competitor Vanta for re-certification and hire an independent third-party auditor.

In a significant move within the AI infrastructure sector, LiteLLM has terminated its partnership with the compliance firm Delve AI. The company, which provides a widely used AI gateway for developers, stated it will pursue its security certifications anew with a different provider and auditor. This decision follows a severe security breach last week where the open-source version of LiteLLM’s software was compromised by credential-stealing malware.

Before this incident, LiteLLM had engaged Delve to obtain two key compliance validations. These certifications are designed to demonstrate that an organization has established robust security procedures to prevent and mitigate potential threats. The recent breach, however, has cast a shadow over that prior work and the firm that performed it.

Delve AI now faces serious allegations from a whistleblower, who claims the startup misled clients by fabricating compliance data and collaborating with auditors who provided insufficient oversight. The whistleblower has released supporting documentation to back these claims. In response, Delve’s founder has publicly denied any wrongdoing and offered free re-audits to all affected customers. This denial appears to have prompted the anonymous source to release further evidence over the weekend.

Taking decisive action, LiteLLM’s leadership announced a new path forward. Company CTO Ishaan Jaffer declared via social media that LiteLLM will partner with Vanta, a Delve competitor, to manage the re-certification process. Furthermore, LiteLLM will independently select a third-party auditor to verify its security controls, ensuring a clear separation between the certification service and the validation entity. This strategic shift represents a direct response to the past week’s challenges, with the company choosing to rebuild its security posture with entirely new partners.

(Source: TechCrunch)
