LiteLLM cuts ties with controversial startup Delve after malware attack

LiteLLM, one of the most sought-after tools for routing requests to language models, announced the termination of cooperation with startup Delve — amid a serious security incident and pressure from the community. LiteLLM used Delve to obtain two security compliance certificates. Such certificates are important for corporate clients: they signal the maturity of processes and compliance with standards like SOC 2 or ISO.

However, last week LiteLLM fell victim to a malware attack that stole credentials — one of the most dangerous types of threats, as it gives attackers direct access to systems and secrets. Delve — a startup specializing in expedited security audits — has long been a source of controversy in the tech community. Critics point to aggressive marketing practices and questionable rigor in the certifications it issues.

The LiteLLM incident intensified these concerns: a company that was supposed to help clients appear secure turned out to be associated with a partner at the moment of serious compromise. LiteLLM is widely used in the industry as a proxy layer between applications and dozens of language models — from OpenAI and Anthropic to open-source solutions. Through it flow requests from corporate clients, startups, and developers worldwide, making any vulnerability in its infrastructure a potentially large-scale problem.

The LiteLLM team has not disclosed details about the scale of the data breach and whether end users were affected. However, the decision to publicly break ties with Delve suggests that management views this partnership choice as a reputational and operational risk. This story clearly shows how vulnerable the supply chain is in AI infrastructure.

Intermediary tools, like AI gateways, become critical nodes — and any weakness in their partner ecosystem immediately becomes a risk for all who rely on them.