LiteLLM had the certifications. The hackers had the credentials.
The AI gateway startup—trusted by thousands of engineering teams to route calls to OpenAI, Anthropic, and other LLM providers—confirmed last week that it fell victim to credential-stealing malware. The irony cut deep: LiteLLM had just obtained security compliance certifications through startup Delve, only to watch hackers walk off with the very credentials those certifications were supposed to protect.
The breach has triggered a broader reckoning in AI infrastructure. LiteLLM, which sits between enterprises and AI providers as a routing and monitoring layer, processes API calls and keys for a significant portion of its customers. When a gateway gets compromised, every downstream integration becomes a potential leak point. The company severed ties with Delve immediately after discovering the incident, according to TechCrunch. Delve did not respond to questions about whether the malware originated through their systems or whether certifications were issued before the breach was detected.
This is the security theater problem laid bare. Delve sold compliance certifications—automated evidence collection and audit support promising SOC 2 and ISO 27001 compliance in weeks rather than months. The model works if compliance means having documented policies. It falls apart if compliance means actual security.
The distinction matters enormously for infrastructure companies. A gateway handling API keys and AI calls sits at a chokepoint attackers actively target. Compromising one such service exposes thousands of customers simultaneously. That's the trade-off compression that makes this breach different from a typical software supply chain attack.
The AI infrastructure layer has become a high-value target precisely because of this central position. LiteLLM is far from alone in using third-party compliance tools. Drata, Vanta, and Secureframe have built substantial businesses around automated certification pipelines. The question is whether any of them would have caught the specific attack vector that compromised Delve—or whether their audits would have certified the same paper safety that LiteLLM purchased.
For enterprises routing AI traffic through gateways, the lesson is uncomfortable. Compliance certifications may document that a company has security policies. They do not document that those policies stop attackers. The gap between "certified" and "secure" just got a lot harder to ignore.