============================================================ VENDOR COMPLIANCE REPORT ============================================================ Generated: 2026-03-24 Source: TrustCompliance.xyz ------------------------------------------------------------ COMPANY INFORMATION ------------------------------------------------------------ Company Name: LiteLLM Legal Name: BerriAI, Inc. Website: https://litellm.ai Slug: litellm ------------------------------------------------------------ DATABASE STATUS ------------------------------------------------------------ Status: FOUND in leaked database ------------------------------------------------------------ RISK SCORE ------------------------------------------------------------ Score: 41 / 100 Grade: D Summary: High risk. Significant audit integrity concerns detected. Recommend obtaining an independent compliance assessment before vendor engagement. Dimensions: Audit Integrity: 25/100 (35% weight) [NEGATIVE] Company found in leaked database of template-based audit reports [NEUTRAL] Only point-in-time (Type 1) reports found - less concerning than ongoing (Type 2) [NEGATIVE] Audit performed by firm flagged for systematic template reuse Compliance Coverage: 30/100 (25% weight) [NEGATIVE] Only Type 1 point-in-time report from a flagged source [NEUTRAL] Reports dated within Jan-Dec 2025 observation window Infrastructure & Security: 80/100 (20% weight) [POSITIVE] Company maintains a public website [POSITIVE] Website configured with HTTPS [POSITIVE] Hosted on AWS - enterprise-grade infrastructure with native security controls Transparency & Governance: 45/100 (20% weight) [POSITIVE] Registered as "BerriAI, Inc." [NEGATIVE] Zero exceptions reported across all audit periods - statistically improbable, suggests inadequate testing ------------------------------------------------------------ REPORTS FOUND ------------------------------------------------------------ Total Reports: 1 Report Types: SOC 2 Type 1 Report 1: Type: SOC 2 Type 1 Audit End Date: 2025 ------------------------------------------------------------ INFRASTRUCTURE PROVIDERS ------------------------------------------------------------ - AWS ------------------------------------------------------------ RECOMMENDATIONS ------------------------------------------------------------ - LiteLLM was found in the leaked Delve audit database. - Their SOC 2 / ISO 27001 reports may have been template-based. - Request a new audit from a verified, independent CPA firm. - Ask the vendor about their awareness of the Delve situation. - Consider requiring auditor rotation for ongoing engagements. - Review the vendor's actual security controls independently. ------------------------------------------------------------ DISCLAIMER ------------------------------------------------------------ This report is generated by TrustCompliance.xyz and is based on publicly leaked audit data. It is provided for informational purposes only and does not constitute legal, financial, or professional advice. Inclusion in the leaked database does not constitute an accusation of wrongdoing by the listed company. Many companies may have been unaware of Delve's practices. ============================================================ Report generated on 2026-03-24 by TrustCompliance.xyz ============================================================