Mercor Says It Was Hit By Cyberattack Tied to Compromise of Open-Source LiteLLM Project

Mercor confirms a cyberattack tied to the LiteLLM supply chain breach. Here is what happened, who is behind it, and why it matters for AI startups.
Matilda

Mercor Cyberattack Exposes a Dangerous Blind Spot in the AI Industry

AI recruiting startup Mercor has confirmed it was hit by a cyberattack linked to a supply chain compromise of open source project LiteLLM. The incident, which also drew claims from extortion group Lapsus$, is raising urgent questions about how deeply AI companies depend on shared open source infrastructure and what happens when that infrastructure is poisoned from the inside.

If your company uses any AI tooling built on widely adopted open source libraries, this story is one you cannot afford to ignore.

How the Mercor Security Incident Unfolded

The attack on Mercor did not begin at Mercor. It started with LiteLLM, a widely used open source library that helps developers connect to large language models. Malicious code was discovered embedded inside a package connected to the project. Although the harmful code was identified and removed within hours of discovery, the window it created was enough.

Mercor confirmed to journalists that it was among the affected parties, describing itself as one of thousands of companies impacted by the LiteLLM compromise. A hacking group identified as TeamPCP has been linked to the original supply chain attack. What followed added a second layer of complexity to an already serious incident.

Extortion group Lapsus$ separately claimed responsibility for targeting Mercor and announced that it had accessed company data. The group published a sample on its leak site that reportedly included references to Slack conversations, ticketing data, and video recordings of interactions between Mercor's AI systems and its contractors. The exact connection between TeamPCP's supply chain attack and how Lapsus$ obtained that data remains unclear.

What Is LiteLLM and Why Does It Matter

To understand the scale of this incident, it helps to understand what LiteLLM is and why its compromise carries such wide-reaching consequences. LiteLLM is an open source project that acts as a unified interface for calling multiple large language model APIs. It is widely adopted across the AI development community, with the library reportedly downloaded millions of times every day.

When malicious code is inserted into a project this widely used, it does not just affect one company. It creates a shared vulnerability that travels invisibly through supply chains, landing inside products and platforms that may not even be aware they are exposed. This is precisely what makes supply chain attacks so dangerous and so difficult to defend against.

The incident also prompted LiteLLM to revisit its internal compliance processes, including switching its compliance certification provider from one startup to another with a stronger industry reputation.

Who Is Mercor and Why This Attack Carries Extra Weight

Founded in 2023, Mercor is not a small side project. It is a fast-growing AI startup that works with major players in the artificial intelligence space, helping companies recruit and contract specialized domain experts including scientists, doctors, and lawyers. These experts are then used to train AI models, contributing to some of the most advanced systems being built today.

The company facilitates more than two million dollars in daily contractor payouts and was valued at ten billion dollars following a three hundred and fifty million dollar Series C funding round in October 2025. When a company operating at this scale and working this closely with sensitive expert knowledge is hit by a breach, the implications extend beyond data loss.

Contractors on the platform may include professionals who shared personal, financial, and professional information. Clients who rely on Mercor to source specialized expertise may also have had their data exposed. The full extent of the damage is still being investigated.

Mercor's Response: Damage Control in Progress

Mercor moved quickly to acknowledge the incident while carefully managing the details it disclosed publicly. A spokesperson confirmed that the company responded promptly to contain and remediate the attack. The company also stated it was working with third-party forensic experts to conduct a thorough investigation.

The company committed to communicating directly with affected customers and contractors as appropriate. However, follow-up questions about whether Lapsus$ claims were connected to the supply chain attack, and whether any customer or contractor data had been exfiltrated or misused, were not answered at the time of reporting.

This kind of measured response is common in the early stages of a breach investigation, but it leaves a critical gap. The people most directly affected by the incident are contractors and clients who deserve timely, transparent communication. Silence or vague statements, however legally cautious, tend to erode trust faster than bad news delivered honestly.

The Lapsus$ Factor: A Group That Refuses to Go Away

Lapsus$ is not a new name in cybersecurity circles. The extortion group has previously claimed high-profile attacks against major technology companies and has a pattern of targeting organizations with large amounts of sensitive data and then leveraging that data for public pressure and financial gain.

Their involvement in the Mercor incident adds a dimension beyond the technical supply chain compromise. Supply chain attacks create access. Groups like Lapsus$ exploit that access for maximum visibility and leverage. The combination of the two is a particularly damaging pairing that signals a maturing threat environment around AI infrastructure.

The fact that they published sample data publicly, including apparent video recordings of platform interactions, suggests the group is using the incident as both a proof of capability and a negotiating tool.

What AI Companies Need to Learn From This Attack

The Mercor cyberattack is not an isolated incident. It is part of a broader and accelerating pattern of supply chain attacks targeting the open source dependencies that underpin modern AI development. The lesson is not simply that companies need better security tools. It is that the shared infrastructure of the AI ecosystem is both its greatest strength and a significant liability.

Companies building on open source AI libraries need to treat dependency security as a first-class concern, not an afterthought. This means monitoring for malicious code in packages, auditing third-party dependencies regularly, and having incident response plans that can be activated the moment a supply chain compromise is detected upstream.
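One place to start the dependency audit described above is the requirements file itself. The following is an added example, not code from the article or the LiteLLM project: it flags requirements that are unpinned, pinned without a hash, or pinned to a version on an advisory list. The `KNOWN_BAD` entry is a placeholder because the article does not name the affected releases, and the sample file is constructed.

```python
import re

# Assumption: placeholder advisory data. The page does not list the affected
# releases, so this version string is a stand-in, not a real indicator.
KNOWN_BAD = {"litellm": {"0.0.0+placeholder"}}

# Constructed sample requirements file (versions and hashes are illustrative).
SAMPLE_REQUIREMENTS = """\
# app dependencies
openai>=1.0
requests==2.32.3
httpx==0.27.0 \\
    --hash=sha256:CONSTRUCTED_PLACEHOLDER
litellm==0.0.0+placeholder --hash=sha256:CONSTRUCTED_PLACEHOLDER
"""

REQ = re.compile(r"^([A-Za-z0-9][A-Za-z0-9._-]*)(?:\[[^\]]*\])?\s*(.*)$")
PIN = re.compile(r"^==\s*([^\s;,]+)")


def normalize(name):
    """PEP 503 name normalization, so 'LiteLLM' and 'litellm' compare equal."""
    return re.sub(r"[-_.]+", "-", name).lower()


def audit(text, known_bad=KNOWN_BAD):
    """Return (package, finding) pairs for a pip requirements file."""
    findings = []
    # Join backslash continuations so --hash options stay with their package.
    for raw in text.replace("\\\n", " ").splitlines():
        line = raw.split(" #")[0].strip()
        if not line or line.startswith(("#", "-")):
            continue  # blank line, comment, or a global pip option
        match = REQ.match(line)
        if not match:
            findings.append((line, "unparsed"))
            continue
        name, spec = normalize(match.group(1)), match.group(2)
        pin = PIN.match(spec)
        # A range or a wildcard such as ==1.* lets a fresh upstream release in.
        if pin is None or "*" in pin.group(1):
            findings.append((name, "unpinned"))
            continue
        if pin.group(1) in known_bad.get(name, ()):
            findings.append((name, "known-bad-version"))
        if "--hash=" not in spec:
            findings.append((name, "no-hash"))
    return findings
```

An exact pin with a hash means an install does not silently pick up a release published during a short compromise window, and the advisory check tells you whether a build already pinned one.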

The AI industry has moved at extraordinary speed over the past few years. That speed has created enormous value, but it has also created gaps in security posture that sophisticated attackers are now actively exploiting. The Mercor incident is a wake-up call, not just for one startup, but for every company building at the intersection of open source software and artificial intelligence.

The investigation is ongoing. More details are expected to emerge as forensic experts complete their review.
