The two biggest dramas in Silicon Valley have crossed paths: LiteLLM and Delve
This is one of those real-life Silicon Valley episodes that appear to have been ripped straight from the HBO satirical show. This week, some heinous malware was discovered in an open source project developed by Y Combinator graduate LiteLLM.

LiteLLM gives developers easy access to hundreds of AI models and provides features such as spend management. It's a hit, downloaded an average of 3.4 million times a day, according to Snyk, one of several security researchers monitoring the incident. The project has 40k stars on GitHub and thousands of forks (copies that other developers used as a base to modify and make their own).

The malware was detected, documented and disclosed by research scientist Callum McMahon of FutureSearch, a company that provides AI agents for web research. The malware got in via "dependencies," i.e. other open source software that LiteLLM relies on. It then stole the login credentials of everything it touched. With those credentials, the malware was able to reach more open source packages and accounts, harvest more credentials, and so on.

McMahon's device crashed after he downloaded LiteLLM, and that event prompted him to investigate and discover the malware. Ironically, it was a bug in the malware that caused his device to crash. Because this piece of bad code was so sloppily designed, he (as well as famous artificial intelligence researcher Andrej Karpathy) concluded that it must have been encrypted.

The LiteLLM developers have been working nonstop this week to correct the situation. The good news is that the malware was caught relatively quickly, likely within hours.

There is another part to this saga that people on X can't stop talking about. LiteLLM, as of March 25 when we looked, still proudly displays on its website that it has passed two major security compliance certifications, SOC 2 and ISO 27001.

But it used a startup called Delve to obtain those certifications.


Delve is a Y Combinator-backed AI compliance startup that has been accused of misleading its customers about their true compliance status by generating fake data and using auditors who produce elastic reports. Delve has denied these allegations.

The LiteLLM website features a security certification from Delve. Image credits: LiteLLM

There is one point worth understanding here. These certifications are intended to show that a company has strong security policies in place to reduce the likelihood of incidents like this one. They do not, on their own, prevent a company like LiteLLM from being hit by malware. While SOC 2 is supposed to cover policies around software dependencies, it is still possible for malware to sneak in.

However, as engineer Gergely Orosz noted on X when he saw people making fun of this online: "Oh my God, I thought this was a joke. …But no, LiteLLM *really* was 'secured by Delve'."

As for LiteLLM, CEO Krish Dholakia had no comment on the use of Delve. He is still busy cleaning up the unfortunate mess of being a victim of the attack.

“Our current priority is to actively investigate alongside Mandiant. We are committed to sharing technical lessons learned with the developer community once our forensic review is complete,” he told TechCrunch.
