LiteLLM, the company behind a widely-used AI gateway serving millions of developers, has revealed it is ending its relationship with compliance startup Delve and will pursue security certifications anew with a different provider and auditor. This decision follows a serious incident last week in which LiteLLM’s open source version was compromised by credential-stealing malware.

Before the breach, LiteLLM had secured two security compliance certifications through Delve, which specializes in AI compliance. These certifications are meant to confirm that a company has established protocols to reduce the risk of security events.

Delve has recently faced accusations of misleading clients about their compliance status, with claims that it fabricated data and employed auditors who approved reports without proper scrutiny. The founder of Delve has refuted these allegations and proposed complimentary re-tests and audits for all customers.

In response to that denial, an anonymous whistleblower associated with Delve intensified their claims over the weekend, sharing what they describe as supporting evidence.

On Monday, LiteLLM’s Chief Technology Officer, Ishaan Jaffer, stated on X that the company will now work with Delve’s competitor, Vanta, to obtain re-certification. LiteLLM also plans to engage an independent third-party auditor to validate its compliance measures.

Following a particularly difficult week, LiteLLM is taking decisive action by moving forward with new partnerships.