All posts tagged: LiteLLM

Mercor says it was hit by cyberattack tied to compromise of open-source LiteLLM project

Mercor, a popular AI recruiting startup, has confirmed a security incident linked to a supply chain attack involving the open-source project LiteLLM. The AI startup told TechCrunch on Tuesday that it was “one of thousands of companies” affected by a recent compromise of LiteLLM’s project, which was linked to a hacking group called TeamPCP. Confirmation of the incident comes as extortion hacking group Lapsus$ claimed it had targeted Mercor and gained access to its data. It’s not immediately clear how the Lapsus$ gang obtained the stolen data from Mercor as part of TeamPCP’s cyberattack. Founded in 2023, Mercor works with companies including OpenAI and Anthropic to train AI models by contracting specialized domain experts such as scientists, doctors, and lawyers from markets including India. The startup says it facilitates more than $2 million in daily payouts and was valued at $10 billion following a $350 million Series C round led by Felicis Ventures in October 2025. Mercor spokesperson Heidi Hagberg confirmed to TechCrunch that the company had “moved promptly” to contain and remediate the security …

Popular AI gateway startup LiteLLM ditches controversial startup Delve

LiteLLM, makers of a popular AI gateway used by millions of developers, has publicly announced that it is ditching compliance startup Delve and will redo its security certifications with another company and auditor. The announcement comes after LiteLLM’s open source version fell victim to some horrific credential-stealing malware last week. Prior to the incident, LiteLLM had obtained two security compliance certifications by hiring AI compliance startup Delve. Such certifications are intended to verify that a company has procedures in place to minimize potential incidents. Delve has been accused of misleading its customers about their true compliance by allegedly generating fake data and using auditors that rubber-stamped their reports. Delve’s founder has denied those allegations and offered free re-tests and audits to all of its customers. That denial encouraged the anonymous Delve whistleblower to double down, including releasing alleged receipts over the weekend. On Monday, LiteLLM CTO Ishaan Jaffer posted on X that his company will be using Delve competitor Vanta to re-certify and will find its own, independent third-party auditor to verify its compliance controls. After such …

Delve did the security compliance on LiteLLM, an AI project hit by malware

This is one of those Silicon Valley real-life episodes that seems pulled from the HBO satire show. This week, some really atrocious malware was discovered in an open source project developed by Y Combinator graduate LiteLLM. LiteLLM gives developers easy access to hundreds of AI models and provides features like spend management. It’s a breakout hit, downloaded as often as 3.4 million times per day, according to Snyk, one of the many security researchers monitoring the incident. The project had 40K stars on GitHub and thousands of forks (copies made by developers who used it as a base to alter and make their own). The malware was discovered, documented, and disclosed by research scientist Callum McMahon of FutureSearch, a company offering AI agents for web research. The malware slipped in through a “dependency,” meaning other open source software that LiteLLM relied upon. It then stole the login credentials of everything it touched. With those credentials, the malware gained access to more open source packages and accounts to harvest more credentials, and so on. The malware caused McMahon’s …