Mercor says it was hit by cyberattack tied to compromise of open-source LiteLLM project
The $10B startup, which facilitates $2M in daily payouts, was compromised by a malicious open-source library.
Mercor, a high-profile AI recruiting startup valued at $10 billion following a $350 million Series C round, has confirmed it was compromised by a cyberattack tied to the open-source LiteLLM project. The company, which facilitates over $2 million in daily payouts to domain experts who train models for partners like OpenAI and Anthropic, stated it was "one of thousands of companies" affected by the supply chain attack linked to hacking group TeamPCP. Extortion group Lapsus$ has also claimed responsibility, posting a sample of allegedly stolen data including Slack messages, ticketing information, and videos of AI-contractor interactions on Mercor's platform.
Mercor spokesperson Heidi Hagberg confirmed the company moved promptly to contain the incident and is conducting a thorough investigation with leading third-party forensics experts. The malicious code was discovered in a package for LiteLLM, a Y Combinator-backed library downloaded millions of times daily, and was removed within hours. The incident has prompted LiteLLM to overhaul its compliance processes, shifting from Delve to Vanta for certifications. The full scope of the breach and whether any customer or contractor data was exfiltrated remains unclear as investigations continue.
- Mercor, a $10B AI recruiting startup, was compromised via a supply chain attack on the open-source LiteLLM project.
- Extortion group Lapsus$ claimed responsibility, sharing samples of Slack data, ticketing info, and videos from the platform.
- LiteLLM, downloaded millions of times daily, has changed its compliance provider following the discovery and removal of malicious code.
Why It Matters
The incident highlights the critical supply chain risk facing AI companies that rely on open-source tools, and the vulnerability of the sensitive training data those companies hold.