Vibe Coded Security – Is that really Security?!!

If you are building AI into your enterprise stack, this story from TechCrunch this week deserves your full attention.

LiteLLM — a wildly popular open source tool downloaded up to 3.4 million times per day — was hit with credential-stealing malware that slipped in through a software dependency.

Discovered and disclosed by research scientist Callum McMahon of FutureSearch, the malware harvested login credentials across every system it touched before a bug in the code caused it to blow itself up. Ironically, researchers including Andrej Karpathy concluded it was likely “vibe coded”, meaning it was AI-generated itself!

But the second layer of this story is arguably worse.

LiteLLM had SOC2 and ISO 27001 certifications displayed on their website, which were issued through Delve, a Y Combinator compliance startup that has been accused of generating fake audit data and using rubber-stamp auditors. Delve, of course, denies the allegations.

Here is the takeaway for anyone deploying AI agents inside a Dynamics 365 or NetSuite environment:
The AI layer is only as trustworthy as the compliance and security infrastructure underneath it.

Certifications matter. Auditors matter. The dependencies your vendors rely on matter.

Vibe coded security is not security.

Full credit to Julie Bort at TechCrunch for the reporting on both the LiteLLM incident and the Delve connection.
#EnterpriseAI #ERP #Dynamics365 #NetSuite #AIAgents #Cybersecurity #DynamicsFocus
