LiteLLM's SOC 2 auditor was Delve: supply chain trust is broken.
hackernews
🔬 Research
#delve
#litellm
#review
#soc 2
#supply chain attack
#security
Original source: hackernews · Summarized and analyzed by Genesis Park
Summary
In a recent supply chain attack, the Python package 'LiteLLM', with 97 million downloads, was compromised and credentials were exfiltrated from millions of machines. The attack is directly connected to the fact that LiteLLM's SOC 2 certification was audited by 'Delve', which is currently embroiled in a scandal for producing audit reports for 455 companies from the same template. The article argues that the current trust model, in which developers take security certification badges on faith, has collapsed in the same way as a software supply chain that does not verify its dependencies.
Body
LiteLLM Got Its SOC 2 From Delve - Supply Chain Trust Is Broken Everywhere

LiteLLM - the Python package that was just compromised in a supply chain attack exfiltrating credentials from millions of machines - got its SOC 2 compliance audit from Delve, the company caught producing 533 identical template-based audit reports. The company trusted with your API keys had its security "verified" by a provider that used the same Word document for 455 companies.

See LiteLLM's compliance status

Yesterday, LiteLLM's PyPI package (97 million downloads/month) was compromised. A single pip install litellm was enough to exfiltrate SSH keys, AWS credentials, Kubernetes configs, and every API key on the machine. The poisoned version was up for less than an hour.

This is the same LiteLLM whose SOC 2 compliance was audited by Delve - the company we exposed three days ago for producing 533 structurally identical audit reports across 455 companies. Same template. Same auditor license. Same "no exceptions found."

The supply chain attack and the compliance scandal aren't just similar patterns. They're the same chain. The company that was supposed to verify LiteLLM's security practices was itself running a template operation.

The trust model is the same

When you run pip install litellm, you're trusting that:
- The package maintainer's account hasn't been compromised
- Every dependency in the tree is clean
- PyPI's infrastructure hasn't been tampered with
- Nobody has injected a .pth file with base64-encoded exfiltration code

When a company shows you their SOC 2 badge, you're trusting that:
- An independent auditor actually reviewed their controls
- The test procedures were designed for their specific systems
- Exceptions were honestly reported
- The auditor firm isn't a rubber-stamp operation

In both cases, the trust chain is long, opaque, and almost nobody verifies it. We just... trust. Because checking is hard.
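Checking the .pth item in that list is cheaper than it sounds. The scanner below is an added example, not code from the original post or from LiteLLM: it reads every .pth file in site-packages and flags executable `import` lines that carry decode-and-exec patterns, since site.py runs such lines at every interpreter start-up. The pattern list and the 200-character length heuristic are this example's own assumptions.

```python
"""Flag .pth files whose executable lines look like encoded loaders.

site.py executes any .pth line that begins with "import" when the
interpreter starts. This scanner only reads files; it never runs them.
"""
import re
import site
import sys
from pathlib import Path

# Tokens rarely seen in legitimate one-line .pth imports (assumption: tuned
# for this example, not an exhaustive signature set).
SUSPICIOUS = re.compile(r"b64decode|exec\(|eval\(|compile\(|__import__|urlopen")


def scan_pth_text(text: str, name: str = "<text>") -> list[str]:
    """Return findings ("name:line: text") for the contents of one .pth file."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        stripped = line.strip()
        if not stripped.startswith("import"):
            continue  # plain path entries are never executed by site.py
        # Encoded loaders tend to be long one-liners; 200 chars is an assumed cutoff.
        if SUSPICIOUS.search(stripped) or len(stripped) > 200:
            findings.append(f"{name}:{lineno}: {stripped[:80]}")
    return findings


def scan_site_packages(dirs=None) -> list[str]:
    """Walk the given directories (default: all site-packages) and collect findings."""
    if dirs is None:
        dirs = [*site.getsitepackages(), site.getusersitepackages()]
    findings = []
    for d in dirs:
        if not Path(d).is_dir():
            continue
        for pth in sorted(Path(d).glob("*.pth")):
            findings.extend(scan_pth_text(pth.read_text(errors="replace"), str(pth)))
    return findings


# Constructed samples: an ordinary editable-install .pth, and a loader line
# whose payload merely decodes to print('hi').
BENIGN_PTH = "/opt/mylib/src\nimport _virtualenv\n"
SUSPICIOUS_PTH = "import base64; exec(base64.b64decode('cHJpbnQoJ2hpJyk='))\n"

if __name__ == "__main__":
    hits = scan_site_packages()
    print("\n".join(hits) if hits else "no suspicious .pth lines found")
    sys.exit(1 if hits else 0)
```

Run it in CI after dependency installation; a non-zero exit on a fresh environment is worth a look before the build proceeds.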
The attack vector is identical: the transitive dependency

The LiteLLM attack didn't just hit people who installed LiteLLM directly. It hit anyone who installed anything that depended on LiteLLM. DSPy users got hit. MCP plugin users got hit. The blast radius was the entire dependency tree.

The Delve compliance scandal works the same way. A company that used Delve for their SOC 2 didn't just affect themselves - they affected every customer, partner, and investor who relied on that report. The trust propagates down the chain. If your vendor's vendor used Delve, your risk assessment is wrong too.

In software supply chain terms: Delve was a transitive dependency in the compliance trust chain. And just like LiteLLM, nobody was checking.

Discovery was accidental in both cases

The LiteLLM compromise was discovered because the attacker's code had a bug that caused an out-of-memory crash. If the malware had been more efficiently written, it could have run undetected for weeks.

The Delve reports were discovered because someone found a publicly accessible spreadsheet linking to hundreds of draft audit reports. If the spreadsheet had been private, 455 companies would still be waving around template-based compliance badges.

Neither incident was caught by the systems designed to prevent them. PyPI didn't catch the malicious package. The AICPA didn't catch the template audits. Both were found by accident.

What verification actually looks like

For software dependencies, the industry is slowly moving toward better verification: SLSA provenance, sigstore signing, reproducible builds, SBOMs. These aren't perfect, but they're a start. The core idea: don't trust, verify.

For compliance audits, we need the same shift.
That's why we built trustcompliance.xyz - a platform that lets you verify your vendor's compliance posture independently:
- Check if your vendor's audit was produced by a flagged provider
- Scan any SOC 2 report for template fingerprints (10 known patterns)
- Verify auditor credentials against known databases
- Get a multi-dimensional risk score based on real signals

We're not saying every SOC 2 is fake. Most aren't. But just like you shouldn't blindly pip install without checking, you shouldn't blindly trust a compliance badge without verifying.

The connection is literal, not metaphorical

LiteLLM (BerriAI) was a Delve compliance customer. Their SOC 2 audit appears in our database. The very company whose PyPI package was just compromised in a supply chain attack had its own compliance audit produced by the same template mill that rubber-stamped 454 other companies.

Let that sink in: a package with 97 million monthly downloads, trusted by developers to route their API keys through, had its security "verified" by a company that used the same Word document for every client. The auditor that was supposed to catch security issues like... a supply chain attack waiting to happen... was itself a supply chain trust failure.

The trust chain was circular all along. Developers trusted LiteLLM because it had a SOC 2 badge. The SOC 2 badge existe
This analysis was written by the Genesis Park editorial team with the help of AI. The original can be read via the source link.