Delve did the security compliance on LiteLLM, an AI project hit by malware

Source: TechCrunch · Field: Technology & Digital — Artificial Intelligence & Machine Learning, Cybersecurity & Data Privacy, Software Development & Engineering · Depth: Intermediate, quick

Summary

A severe malware incident was discovered in LiteLLM, a popular open-source project that provides access to hundreds of AI models and is downloaded up to 3.4 million times daily. The malware, which infiltrated LiteLLM through a dependency, was designed to steal login credentials from affected systems and to propagate to other open-source packages and accounts. Research scientist Callum McMahon of FutureSearch identified the malware after it caused his machine to shut down, and attributed its sloppy design to "vibe coding." LiteLLM's developers have been working to remediate the situation, and the incident was caught relatively quickly. The incident also drew attention to LiteLLM's use of Delve, an AI-powered compliance startup accused of providing misleading security certifications like SOC2 and ISO 27001, raising questions about the efficacy and integrity of such certifications in preventing supply chain attacks.

Key takeaway

For CTOs and VPs of Engineering evaluating open-source AI tools, this incident underscores the critical need for robust supply chain security practices. Do not rely solely on security certifications like SOC2 or ISO 27001 as a guarantee against malware, especially when dealing with projects that integrate numerous external dependencies. Your teams should implement rigorous dependency scanning and continuous runtime monitoring to detect and mitigate threats proactively, rather than waiting for a certification to fail.

Key insights

Open-source projects face significant supply chain risks, even with security certifications.

Best for: CTO, VP of Engineering/Data, Director of AI/ML, AI Engineer, Security Engineer, MLOps Engineer

Editorial summary, takeaway, and curation by AIssential. Original article published by TechCrunch.