Mercor Confirms Security Breach Linked to LiteLLM Supply Chain Attack
Mercor, an emerging AI recruiting startup, has reported a security incident connected to a supply chain attack involving the open-source project LiteLLM. The disclosure underscores the risk carried by widely used software components and the threat a compromised dependency poses to businesses in the tech space.
Extortion Group Claims Responsibility for Data Breach
In a statement to TechCrunch, Mercor indicated that it was “one of thousands” of firms impacted by the recent compromise of the LiteLLM project, attributed to a hacking group known as TeamPCP. This comes in the wake of claims from the extortion hacking group Lapsus$, which asserted that it had infiltrated Mercor and accessed confidential data.
Details Surrounding Data Access Remain Unclear
How Lapsus$ came to hold data stolen during the TeamPCP attack remains unclear. As investigations continue, that lack of clarity underlines how complex cybersecurity and data protection have become.
Mercor’s Role in AI Training and Financial Success
Founded in 2023, Mercor collaborates with industry leaders like OpenAI and Anthropic to enhance AI models by recruiting specialized experts from various fields, including medicine and law. The company claims it facilitates daily payouts exceeding $2 million and achieved a valuation of $10 billion following its recent $350 million Series C funding round led by Felicis Ventures in October 2025.
Company’s Response to the Cyber Incident
Following the breach, Mercor’s spokesperson Heidi Hagberg affirmed that the organization acted swiftly to contain and address the situation. “We are conducting a thorough investigation supported by leading third-party forensics experts,” Hagberg stated. The company has committed to maintaining open lines of communication with customers and contractors throughout the resolution process.
Data Sample Released by Lapsus$ Highlights Security Concerns
Earlier, Lapsus$ took responsibility for the data breach on its leak site, sharing a sample of the information believed to have been retrieved from Mercor. This sample allegedly contained Slack data, ticketing records, and videos purportedly depicting interactions between Mercor’s AI systems and contracted experts, raising significant concerns about data security and client privacy.
Ongoing Investigations and Compliance Measures Post-Incident
The compromise of LiteLLM first came to light last week after malicious code was discovered within a package linked to the project. Although the code was promptly identified and removed, the incident sparked concern because of LiteLLM’s extensive usage across the internet, with millions of downloads daily, according to security firm Snyk. In response, LiteLLM has begun changing its compliance processes, moving its compliance certifications from the controversial startup Delve to Vanta. As investigations into the incident continue, it remains unclear how many organizations were impacted or whether any significant data exposure occurred.
