
Mercor Breach: Supply Chain Attack on LiteLLM Library Exposes Thousands of AI-Driven Firms

Wednesday 1 April 2026 10:40

Mercor, a Silicon Valley AI-recruitment powerhouse, has fallen victim to a sophisticated supply chain attack targeting the widely used open-source project LiteLLM. The breach originated from malicious code injected into a package dependency, allowing attackers to bypass traditional perimeters. While the vulnerability was mitigated within hours, the scale of the impact is vast, given LiteLLM’s millions of daily downloads.

Industry reports link the activity to the TeamPCPK hacking group, while the notorious extortion collective Lapsus$ has claimed responsibility for the Mercor-specific intrusion. Lapsus$ allegedly exfiltrated sensitive internal data, including Slack communications, technical support tickets, and video logs of AI-contractor interactions. Mercor, which provides specialized training talent for giants like OpenAI and Anthropic, has launched an extensive forensic investigation with third-party experts to determine the full extent of the data exposure.