
The big Silicon Valley games have passed: LiteLLM and Delve


This is one of those Silicon Valley real-life events that seems to have been lifted from an HBO satire show. This week, some of the worst malware yet was discovered in an open source project developed by Y Combinator graduates: LiteLLM.

LiteLLM gives developers easy access to many AI models and offers features like spend management. It is very popular, with an average of 3.4 million downloads per day, according to Snyk, one of many security researchers monitoring the situation. The project has 40K stars on GitHub and thousands of forks (copies that developers use as a base to modify and build on themselves).

The malware was detected, written up, and disclosed by research scientist Callum McMahon of FutureSearch, a company providing AI assistants for online research. The malicious program got in through a “dependency,” meaning another open source program that LiteLLM depended on. It then stole the login credentials of everything it touched. With those credentials, the malware gained access to further packages and accounts to obtain still more information, and so on.

The malware caused McMahon’s machine to shut down after he downloaded LiteLLM. That experience led him to investigate and discover it. Ironically, it was a bug in the malware that caused his machine to crash. Because this malicious code was written so carelessly, he (and famous AI researcher Andrej Karpathy) concluded that it must have been vibe coded.

LiteLLM’s developers have been working non-stop this week to fix things, and the notable part is that the malware was caught very quickly, possibly within just a few hours.

There is another side to this saga that people on X can’t stop talking about. LiteLLM, as of March 25 when we checked, still shows on its website that it has passed two major security certifications, SOC 2 and ISO 27001.

But it used a platform called Delve to obtain those certifications.


Delve is a high-profile Y Combinator-backed AI compliance startup that has been accused of misleading its customers about their actual compliance status, of allegedly falsifying data, and of using auditors who act as rubber stamps. Delve has disputed this.

The LiteLLM website displays a security certificate issued by Delve. Image credit: LiteLLM

There is one point of nuance here worth understanding. Such certifications are intended to demonstrate that a company has strong security policies in place to minimize the possibility of incidents like this one. They do not prevent a company such as LiteLLM from being affected by malware. Although SOC 2 is supposed to cover the basics of software dependency management, malware can still get in.

Even so, as engineer Gergely Orosz said on X when he saw people laughing online, “Oh, I thought this WAS a joke. … but no, LiteLLM *really* was ‘Secured by Delve.’”

As for LiteLLM, CEO Krrish Dholakia had no comment on the use of Delve. He addressed only the malware incident itself.

“The most important thing right now is an active investigation with Mandiant. We are committed to sharing the technical lessons we have learned with the developers after we complete our legal review,” he told TechCrunch.
