LiteLLM (YC W23)

📣 Announcing @LiteLLM's April Townhall Agenda: - Product roadmap - Reliability and security updates - Open Q&A with the team Register here: forms.gle/zyyHLhHEyWGo1A…

5️⃣ new things @LiteLLM 🐳 Docker - All Pip+NPM+Docker deps now pinned 💪 Qohash - new Guardrail provider 🛠️ Teams - enforce TPM/RPM limits for members 🎉 Gemini - skip fetch for File API URLs 🧹 Azure - forward api_version on embeddings

@shahin43 @garrytan @mercor_ai Sharing the updates from our public Town Hall: docs.litellm.ai/blog/security-…

@garrytan @mercor_ai this is so concerning about safety and security of Data. Pypi package leak, which poisoned @LiteLLM is main reason for this leak

Wow. Incredible amount of SOTA training data now just available to China thanks to @mercor_ai leak. Every major lab. Billions and billions of value and a major national security issue.

@CipherBC @ResolvLabs Sharing our continuous Security Update: docs.litellm.ai/blog/security-…

🟡March was brutal. We hope all affected projects have recovered🔐 🔴 @LiteLLM: hijacked maintainer account pushed malicious packages to this protocol that stole crypto private keys and cloud credentials from dev environments 🔴 @ResolvLabs, a stolen minting key let an attacker create $80M in unbacked stablecoins, draining $23M in ETH. 🔴 French Corporate Networks: fake CV files deployed crypto miners and credential stealers, targeting only enterprise machines to avoid detection.

Popular AI gateway startup LiteLLM ditches controversial startup Delve techcrunch.com/2026/03/30/pop…

Update from us @LiteLLM, We will be partnering with @TrustVanta for its SOC-2 Type 2 and ISO 27001 recertification. Thank you to the Vanta team for their quick help! We are also in the process of identifying 3rd party auditors to verify our compliance controls.

Also @LiteLLM immediately went public, transparently, and is even doing a webinar, to talk about lessons learned. I haven’t heard shit from aqua nor checkmarx. When they should be role models about how to handle incidents. Instead they show us what NOT to do.

Fascinating seeing security companies are so much worse at responding to incidents than non-security companies Both aqua and checkmarx didn’t do a good job. LiteLLM handled it much better. Curious!!

Hi everyone, We'll be hosting a townhall tomorrow from 7:30am PST - 8:30am PST for LiteLLM users. To discuss what we've learnt and share planned improvements. If you're interested, sign up here: forms.gle/D788oPFjX8xKwF…

Hi everyone, We'll be hosting a townhall tomorrow from 7:30am PST - 8:30am PST for LiteLLM users. To discuss what we've learnt and share planned improvements. If you're interested, sign up here: forms.gle/D788oPFjX8xKwF…

The security response by @LiteLLM has really been commendable. They were blindsided by the breach but within a day they hired professionals to guide them through a process that they themselves probably weren’t mature enough for as a company. @AquaSecTeam slow rolled their response which gave threat actors days and an entire weekend before victims learned about it. They even got popped a third time during this. This delay will go down in history as an S-tier fumble. @Checkmarx - well, their two actions and OpenVSX extensions got backdoored and I don’t see a public advisory or statement yet. The two security companies here demonstrate how not to handle incidents; while the young AI startup makes the best of a very difficult situation.

If you’re interested in helping us build a more secure and reliable AI gateway, come join us jobs.ashbyhq.com/litellm

@pypi Active incident thread: github.com/berriAi/litell…

The comprised packages were 1.82.7 and 1.82.8, they were quarantined and deleted, thanks to @pypi team No LiteLLM releases will out until we have scanned our chain and make sure it’s safe We are actively investigating, reach out to support@berri.ai with any questions/concerns

[INCIDENT UPDATES] - Compromised LiteLLM packages have been deleted. - Proxy docker image users were not impacted - All dependencies are pinned on requirements.txt. - Compromise came from Trivvy security scan dependency, looking into it with Google’s Mandiant Security

Thanks to my personal fav @LiteLLM, switching to a faster api model was eassssy. So been using @AnthropicAI Haiku

great guide on using @openclaw (ClawdBot) + @LiteLLM + @nebiustf  👍

@NirantK Looking into it

.@LiteLLM has a bug on their Gemini LLM caching which is leading to 2-10x costs, we raised a PR to fix 3 days ago. How do we get someone to take a review? PR link below from our team

Boy, have we got news for you! 🧑‍🍳 The @openwork_ai team is happy to announce: - Amazon Bedrock integration, contributed by our friends at @awscloud (thanks guys!) - Native @deepseek_ai integration - Integration with @openrouter and @LiteLLM! Here's how what it looks like >>

first, pinky, we will use @DSPyOSS and @LiteLLM proxy server with custom guardrails to translate any api call into spanish... ...then, we try to take over the world!