LiteLLM Cuts Ties with Delve Following Major Data Breach

Sources: TechCrunch

LiteLLM severed ties with Delve due to a major data breach affecting user data.

Why it matters: General Counsels face potential legal liabilities from insecure AI partnerships. Evaluating compliance rigorously can avert serious risks.

  • LiteLLM ended its partnership with Delve on March 30, 2026.
  • Malware in LiteLLM's update compromised sensitive user credentials.
  • LiteLLM will recertify compliance via Vanta and independent audits.
  • Delve allegedly falsified key compliance certifications.

LiteLLM, a major AI gateway, formally terminated its partnership with Delve after discovering malware in a software update, which was published on PyPI on March 24, 2026. This breach exposed sensitive information such as SSH keys and cloud credentials, raising major security concerns.

The decision comes amid accusations that Delve falsely certified SOC 2 and ISO 27001 compliance, two attestations relied on as industry security benchmarks. These claims threaten the integrity of partnerships and highlight how failing to verify a partner's compliance can pose significant legal and financial risks.

LiteLLM's CEO, Krrish Dholakia, stated on April 5, 2026, "Our immediate focus is continuing the investigation with Mandiant. Post-review, we'll share technical insights with the community." Following the allegations against Delve, LiteLLM's planned recertification with Vanta and a third party is meant to reinforce its commitment to user security.

Accurate certifications are vital for AI firms because partnerships drive their technological advances. GCs must ensure that their partners meet compliance requirements to mitigate potential liabilities. The resulting corporate scrutiny demands a high level of diligence and transparency. Further details are available in the TechCrunch article.

What's next: LiteLLM is conducting a third-party forensic review and plans to share findings with developers.