TechCrunch: An open‑source AI project called LiteLLM was compromised by malware that entered through a software dependency and harvested login credentials. The breach was uncovered by a security researcher after his machine shut down, prompting a rapid investigation with Mandiant. While LiteLLM advertises SOC 2 and ISO 27001 certifications from the compliance startup Delve, the incident raises questions about the effectiveness of such certifications in preventing supply‑chain attacks.