AiPhreaks

Popular AI gateway startup LiteLLM ditches controversial startup Delve

By Jakub Antkiewicz

2026-03-31T08:59:33Z

In a direct response to a recent security breach and a widening industry scandal, AI gateway startup LiteLLM has publicly announced it is severing ties with its compliance vendor, Delve. The decision to redo its security certifications through a new provider is a significant move for the widely used developer tool, signaling a clear effort to restore trust after a credential-stealing malware incident compromised its open-source version last week.

The context for this decision is twofold. First, LiteLLM, which had previously obtained two security certifications from Delve, fell victim to a damaging malware attack. Second, Delve itself is now at the center of allegations from a whistleblower who claims the compliance startup generated fake data and used auditors that would simply rubber-stamp reports. While Delve’s founder has denied the accusations, LiteLLM CTO Ishaan Jaffer confirmed on social media that the company will now use competitor Vanta and engage its own independent third-party auditor to re-verify its security controls.

LiteLLM’s public move places a spotlight on the burgeoning, yet largely unregulated, market for AI compliance and security verification. As AI tools become more deeply embedded in enterprise infrastructure, the integrity of third-party certifications is becoming a critical point of failure. This decision could create a ripple effect, prompting other startups that relied on Delve to re-evaluate their own compliance postures and increasing demand for more transparent and rigorous auditing processes across the AI ecosystem.

This incident demonstrates that for critical AI infrastructure providers, the security supply chain is paramount; a partner's reputational crisis can inflict as much damage as a direct technical vulnerability.