Source: TechCrunch
**Category**: Security, Startups, TC, Delve, malware, security compliance
This is one of those real-life Silicon Valley episodes that looks ripped from the HBO satire. This week, some truly nasty malware was discovered in an open source project developed by Y Combinator alumnus LiteLLM.
LiteLLM gives developers easy access to hundreds of AI models and adds features such as spend management. It is a huge hit, downloaded up to 3.4 million times a day according to Snake, one of several security researchers monitoring the incident. The project had 40k stars on GitHub and thousands of forks (copies other developers made as a base for their own modifications).
The malware was discovered, documented and disclosed by research scientist Callum McMahon of FutureSearch, a company that provides AI agents for web research. It got in through LiteLLM's dependencies, that is, other open source software LiteLLM relies on. Once running, it stole login credentials from every environment it touched. With those credentials it could reach further open source packages and accounts, harvesting more credentials in turn, and so on down the chain.
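One control that addresses the dependency vector described above is hash-pinned installation: a lockfile records the exact SHA-256 of every artifact, and the installer refuses anything that does not match, so a dependency swapped upstream fails closed instead of executing. The script below is an added example written for this page, not code from TechCrunch, LiteLLM or FutureSearch; it reimplements the check that `pip install --require-hashes` performs, over constructed in-memory stand-ins for a wheel and a lockfile (the version numbers and the `tokenizers` entry are illustrative assumptions), so it runs offline.

```python
import hashlib
import re
from typing import Dict, List, Tuple


def sha256_hex(data: bytes) -> str:
    """Hex SHA-256 digest, the algorithm pip's --hash option expects."""
    return hashlib.sha256(data).hexdigest()


# Constructed stand-ins for downloaded artifacts (not real wheels).
GOOD_ARTIFACT = b"constructed stand-in for the litellm wheel"
TAMPERED_ARTIFACT = GOOD_ARTIFACT + b"\n# injected post-install credential stealer (constructed)"
TOKENIZERS_ARTIFACT = b"constructed stand-in for the tokenizers wheel"

# Constructed lockfile in pip's hash-pinned requirements format, the shape that
# `pip-compile --generate-hashes` produces. Versions are assumptions; the
# hashes are computed from the stand-ins above.
LOCKFILE = (
    f"litellm==1.0.0 \\\n    --hash=sha256:{sha256_hex(GOOD_ARTIFACT)}\n"
    f"tokenizers==0.15.0 \\\n    --hash=sha256:{sha256_hex(TOKENIZERS_ARTIFACT)}\n"
)

_PIN_RE = re.compile(r"^([A-Za-z0-9_.\-]+)==([^\s\\]+)\s*(.*)$")
_HASH_RE = re.compile(r"--hash=sha256:([0-9a-f]{64})")


def parse_lockfile(text: str) -> Dict[str, Tuple[str, List[str]]]:
    """Return {name: (version, [sha256, ...])}.

    Any requirement that is not pinned to an exact version with at least one
    hash is rejected outright, which is what --require-hashes does: one loose
    entry would let the resolver pull whatever the index serves next.
    """
    pinned: Dict[str, Tuple[str, List[str]]] = {}
    for raw in text.replace("\\\n", " ").splitlines():  # join continuation lines
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        m = _PIN_RE.match(line)
        if not m:
            raise ValueError(f"not pinned to an exact version: {line!r}")
        name, version, rest = m.group(1).lower(), m.group(2), m.group(3)
        hashes = _HASH_RE.findall(rest)
        if not hashes:
            raise ValueError(f"{name}=={version} carries no --hash")
        pinned[name] = (version, hashes)
    return pinned


def lockfile_is_strict(text: str) -> bool:
    """True when every requirement is exactly pinned and hashed."""
    try:
        parse_lockfile(text)
    except ValueError:
        return False
    return True


def verify_download(name: str, data: bytes, pinned: Dict[str, Tuple[str, List[str]]]) -> bool:
    """True only if the artifact's digest matches a pinned hash.

    A package missing from the lockfile is refused rather than installed:
    a transitive dependency the resolver "helpfully" adds is exactly how a
    poisoned package rides in unnoticed.
    """
    entry = pinned.get(name.lower())
    if entry is None:
        return False
    _version, hashes = entry
    return sha256_hex(data) in hashes


def check_install(downloads: Dict[str, bytes], pinned: Dict[str, Tuple[str, List[str]]]) -> Dict[str, bool]:
    """Verdict per downloaded artifact; anything False must not be installed."""
    return {name: verify_download(name, data, pinned) for name, data in downloads.items()}


if __name__ == "__main__":
    pins = parse_lockfile(LOCKFILE)
    # Simulate the index serving a replaced litellm artifact.
    verdict = check_install(
        {"litellm": TAMPERED_ARTIFACT, "tokenizers": TOKENIZERS_ARTIFACT}, pins
    )
    for pkg, ok in verdict.items():
        print(f"{pkg}: {'hash ok' if ok else 'HASH MISMATCH, refusing to install'}")
```

Hash pinning blocks a silently replaced artifact and any dependency the lockfile does not list; it does not help if the lockfile was regenerated after a malicious release was published under a legitimate version number, so regenerate pins deliberately and review the diff, not on every build.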
The malware crashed McMahon's machine after he installed LiteLLM, and that crash is what prompted him to investigate and find it. Ironically, the crash was caused by a bug in the malware itself. The code was clumsy enough that he, along with AI researcher Andrej Karpathy, concluded it had not been written with much care.
The LiteLLM developers have been working non-stop this week to contain the incident, and the good news is that it was caught relatively quickly, likely within hours.
There is another part to this saga that people on X cannot stop talking about. As of March 25, when we looked, LiteLLM's website still proudly displayed that it had passed two major security compliance audits, SOC 2 and ISO 27001.
LiteLLM obtained those attestations through a startup called Delve.
Delve is a Y Combinator-backed, AI-powered compliance startup that has been accused of misleading clients about their actual compliance status, generating fake evidence, and relying on auditors who rubber-stamp reports. Delve has denied these allegations.

There is one point worth understanding here. These attestations are meant to show that a company has sound security policies in place, which reduces the chance of an incident like this one. They do not by themselves stop a company like LiteLLM from being hit by malware. SOC 2 is supposed to cover policies around software dependencies, but a SOC 2 report attests that the described controls existed and operated during the audit period; it is not a test of whether any particular dependency is malicious, so malware can still get through.
However, as engineer Gergely Orosz pointed out on
As for LiteLLM, CEO Krish Dholakia had no comment on the company's use of Delve. He is still busy cleaning up after the attack.
“Our current priority is to actively investigate alongside Mandiant. We are committed to sharing technical lessons learned with the developer community once our forensic review is complete,” he told TechCrunch.
**Posted on**: 1774542418 (26 March 2026, UTC)
