LiteLLM Hit by Malware Despite Security Certifications
Le brief IA que les pros lisent chaque soir
Les 7 actus IA du jour, décryptées en 5 min. Gratuit.
Inclus dès l'inscription : notre sélection des meilleurs guides & comparatifs IA.
Choisis ton rythme
Gratuit · Pas de spam · Désabonnement en 1 clic
This week, a particularly dangerous malware was discovered in an open-source project developed by LiteLLM, a company that emerged from Y Combinator. LiteLLM allows developers to easily access hundreds of AI models and offers features such as expense management. The project has seen explosive success, being downloaded up to 3.4 million times a day, according to Snyk, one of the many security researchers monitoring the incident. The project boasted 40,000 stars on GitHub and thousands of forks, meaning users who have used it as a base to modify and adapt it to their needs.
The malware was discovered, documented, and disclosed by researcher Callum McMahon from FutureSearch, a company that provides AI agents for web research. The malware infiltrated through a dependency, which is another piece of open-source software that LiteLLM relied on. It then stole the login credentials of everything it touched. With these credentials, the malware was able to access other open-source packages and accounts to harvest even more credentials, and so on.
The malware caused McMahon's machine to crash after he downloaded LiteLLM. This incident prompted him to investigate and uncover the issue. Ironically, a bug in the malware caused his machine to fail. Due to the poor design of this malicious code, he and renowned AI researcher Andrej Karpathy concluded that it must have been coded carelessly.
The developers of LiteLLM have been working tirelessly this week to rectify the situation, and the good news is that the problem was detected relatively quickly, likely within a few hours.
There is another aspect of this saga that users on X keep discussing. As of March 25, LiteLLM proudly displayed on its website that it had obtained two major security compliance certifications, SOC 2 and ISO 27001. However, it used a startup called Delve for these certifications.
Delve is the AI-powered compliance startup from Y Combinator that has been accused of misleading its clients about their true compliance by allegedly generating false data and using auditors who validate reports without verification. Delve has denied these allegations.
It is important to understand a point of nuance here. These certifications are supposed to show that a company has strong security policies in place to limit the possibility of incidents like this one. Certifications do not automatically prevent a company, like LiteLLM, from being affected by malware. While SOC 2 is supposed to cover policies surrounding software dependencies, malware can still infiltrate.
Nevertheless, as engineer Gergely Orosz pointed out on X while seeing people mock online, "Oh man, I thought it was a joke... but no, LiteLLM was really 'Secured by Delve.'"
As for LiteLLM, CEO Krrish Dholakia declined to comment on the use of Delve. He is still busy cleaning up the disruption caused by this attack. "Our current priority is the active investigation with Mandiant. We are committed to sharing the technical lessons learned with the developer community once our forensic review is complete," he told TechCrunch.
Brief IA — L'actualité IA en français
L'essentiel de l'actualité de l'intelligence artificielle, décrypté et expliqué chaque jour.