> The incident also prompted LiteLLM to make changes to its compliance processes, including shifting from controversial startup Delve to Vanta for compliance certifications.
This is pretty funny.
The leaked excel sheet with customers of Delve is basically a shortlist of targets for hackers to try now. Not that they necessarily have bad security, but you can play the odds
This is a good reminder that any tool handling sensitive data — even internal ones — needs to be transparent about where data goes. The assumption that SaaS tools protect your data is getting harder to defend.
Second major supply chain compromise in a week after the axios npm attack. 40 minutes and 500k machines affected. SOC2 won't catch this. The real question is whether your CI pipeline would have flagged a dependency change that happened between your last build and the one going to prod. Most teams have no visibility into that window at all.
15 comments
[ 4.8 ms ] story [ 21.3 ms ] threadThis is pretty funny.
The leaked excel sheet with customers of Delve is basically a shortlist of targets for hackers to try now. Not that they necessarily have bad security, but you can play the odds