This is one of those real Silicon Valley episodes that looks like it came straight out of an HBO satire. This week, some truly horrific malware was discovered in an open source project developed by Y Combinator graduate LiteLLM.
LiteLLM gives developers easy access to hundreds of AI models and provides features such as cost management. It’s a huge hit, downloaded up to 3.4 million times a day, according to Snykone of several security researchers monitoring the incident. The project had 40k stars on GitHub and thousands of forks (those who used it as a base to alter it and make it their own).
Malware discovered, documented and disclosed by researcher Callum McMahon of FutureSearch, a company that offers AI agents for web research. The malware entered through a “dependency”, meaning other open source software that LiteLLM relied on. It then stole login credentials for anything it touched. With these credentials, the malware gained access to more open source packages and accounts to collect more credentials and so on.
The malware caused McMahon’s machine to shut down after downloading LiteLLM. This fact prompted him to investigate and discover it. Ironically, a bug in the malware caused his computer to explode. Because this piece of ugly code was so sloppily designed, it (as well as Famous AI researcher Andrej Karpathy) concluded that it must have been coded as vibe.
The LiteLLM developers have been working non-stop this week to correct the situation and the good news is that it was caught relatively quickly, probably within hours.
There is another part to this saga children in X can’t stop talking about. LiteLLM, as of March 25th we reviewed, still proudly displays on its website that it has passed two important security compliance certifications, SOC2 and ISO 27001.
But he used a startup called Delve for these certifications.
Techcrunch event
San Francisco, California
|
13-15 October 2026
Delve is the Y-Combinator AI compliance startup accused of misleading its customers about their actual compliance by allegedly creating fake data and using auditors that stamp reports. Delve denied these claims.
There is a point worth understanding here. Such certifications are intended to show that a company has strong security policies in place to limit the possibility of incidents like this. Certifications do not automatically prevent a company like LiteLLM from being hit by malware. While SOC 2 is supposed to cover policies around software dependencies, malware can still sneak in.
Even so, as engineer Gergely Orosz pointed out in X when he saw people making fun of it online, “Oh shit, I thought it was a joke. … but no, LiteLLM *really* was “Secured by Delve””.
As for LiteLLM, CEO Krrish Dholakia had no comment on using Delve. He’s still busy cleaning up the unfortunate mess from being the victim of an attack.
“Our current priority is to actively investigate alongside Mandiant. We are committed to sharing technical lessons learned with the developer community once our forensic examination is complete,” he told TechCrunch.
