This is one of those real-life Silicon Valley episodes that looks like it was ripped from an HBO satire. This week, some pretty heinous malware was discovered in an open source project developed by Y Combinator alum LiteLLM.
LiteLLM gives developers easy access to hundreds of AI models and provides features such as spend management. It was a huge hit, with 3.4 million downloads per day, according to Snyk, one of many security researchers monitoring the incident. The project had 40,000 stars on GitHub and thousands of forks (people who used it as a base to modify it and make it their own).
The malware was discovered, documented, and published by Callum McMahon, a research scientist at FutureSearch, a company that provides AI agents for web research. The malware arrived through “dependencies,” or other open source software that LiteLLM relied on. It then stole the login credentials of everyone it came in contact with. Using these credentials, the malware accesses more open source packages and accounts to collect more credentials.
After McMahon downloaded LiteLLM, the malware shut down his machine. That incident led him to investigate and discover it. Ironically, a malware bug caused his machine to explode. This nasty code was so sloppily designed that he (and renowned AI researcher Andrei Karpathy) concluded that it must have been vibe-coded.
LiteLLM developers have been working tirelessly this week to fix the situation. And the good news is that this problem was discovered relatively quickly, probably within a few hours.
There’s another part of this story that people at X can’t help but talk about. LiteLLM still proudly displays on its website that it has passed two major security compliance certifications: SOC2 and ISO 27001, as of March 25, when we checked.
But for those certifications, we used a startup called Delve.
tech crunch event
San Francisco, California
|
October 13-15, 2026
Delve, the Y Combinator AI-powered compliance startup, is accused of misleading customers about its true compliance by generating false data and using auditors to rubber-stamp reports. Mr. Delve denies these allegations.
There is one nuance here that is worth understanding. Such certifications are intended to demonstrate that companies have strong security policies in place that limit the likelihood of incidents like this one. Certification does not automatically protect companies like LiteLLM from malware attacks. Although SOC 2 is supposed to cover software dependency policies, malware can still be introduced.
Still, engineer Gergely Orosz saw people making fun of it online and pointed out on X: I thought, “Oh my god, this is a joke.”…But no, LiteLLM *really* is “protected by Delve.” ”
As for LiteLLM, CEO Krrish Dholakia did not comment on its use of Delve. He is still busy cleaning up the unfortunate situation where he was the victim of an attack.
“Our current priority is to work with Mandiant to conduct an active investigation. Once the forensic review is complete, we are committed to sharing the technical lessons learned with the developer community,” he told TechCrunch.
Source link
