Malware hits LiteLLM, security compliance firm accused

An open-source AI project, LiteLLM, which offers developers access to numerous AI models and features like spend management, was recently targeted by malware. The malicious code, discovered by researcher Callum McMahon, infiltrated the project through a software dependency and aimed to steal login credentials. This incident has raised questions about LiteLLM's security compliance, particularly its use of a startup named Delve, which is itself facing allegations of providing misleading compliance certifications. While LiteLLM developers are actively working to resolve the issue and investigate the breach with Mandiant, the situation highlights the ongoing security challenges within the rapidly evolving AI ecosystem.