u/Own-Fennel-3875

LiteLLM is great and all, but what about security?

Genuine question, not a dunk.

We're trying to roll out LiteLLM company-wide, and security is blocking it. Their worry is that it's a single component holding keys to every provider, sitting in the path of all our prompt data, with audit logging that isn't where they need it for compliance. I get it, that's a juicy target.

For those in regulated environments (health, finance, gov): did you actually get LiteLLM approved, and what did it take? Self-hosting only? Custom audit logging? A wrapper around the wrapper? Or did the review push you to something else entirely?

Trying to work out if this is a "configure it right" problem or a "wrong tool for this context" problem.

reddit.com
u/Own-Fennel-3875 — 12 hours ago

LLM spend is out of control, how are teams actually tracking cost per team in 2026?

We're now at three teams using LLMs, and we've completely lost visibility into who's spending what. Costs jumped last quarter, and nobody can explain where the increase came from.

What we really need is:

* Cost attribution by team

* Basic access controls

* Something that doesn't need a full-time engineer to maintain

So far I've looked at:

* LiteLLM — already familiar with it, but the dashboard has been pretty unreliable in my experience

* TrueFoundry — team-level cost tracking looks promising, but I haven't evaluated it deeply yet

* Portkey — observability seems strong, though the self-hosted experience feels like a secondary focus

* Kong — seems like overkill for this use case

* OpenRouter — doesn't seem built for internal cost attribution

Curious what others are using. Has anyone found a clean solution for this without building a bunch of custom infrastructure?

reddit.com
u/Own-Fennel-3875 — 10 days ago