Mercor Acknowledges Security Incident After LiteLLM Supply-Chain Compromise
- Andrej Botka
- Apr 1
- 2 min read

Mercor, an AI hiring startup, confirmed Tuesday that it was among the firms affected by a recent supply-chain intrusion tied to the open-source LiteLLM project, and investigators are still sorting out how an extortion group claiming responsibility fits into the picture. The company said the compromise tracks back to code tampering in LiteLLM that security researchers have linked to a hacking collective called TeamPCP. Separately, the extortion gang Lapsus$ posted messages asserting it had accessed Mercor data, but how — or whether — that material was obtained through the TeamPCP activity remains unresolved.
Mercor’s chief communications officer, Heidi Hagberg, said the company took immediate steps to isolate systems and began a formal probe with outside forensic specialists. She told reporters the startup is keeping clients and its network of contractors informed and dedicating personnel and funds to contain the incident and assess any damage. Hagberg declined to say whether Mercor had confirmed any customer or contractor records were stolen or misused.
The company, founded in 2023, supplies domain experts — including scientists, physicians and lawyers — to organizations training large AI models and counts companies such as OpenAI and Anthropic among its partners. Mercor handles more than $2 million in payouts on a typical day and, after a $350 million Series C led by Felicis Ventures last October, was valued at about $10 billion.
Lapsus$ published a sample of material it said came from Mercor on its leak forum; TechCrunch reviewed that sample, which included snippets that appeared to be Slack exchanges, support-ticket content and two short recordings that showed interactions between Mercor’s systems and contractors on its platform. Hagberg would not answer follow-up questions tying those posts directly to the LiteLLM incident or specifying the scope of any data exposure.
The LiteLLM contamination first drew attention last week when malicious code was discovered in a distributed package tied to the Y Combinator-backed open-source project. Developers removed the tainted code within hours, but the episode alarmed security teams because the library is embedded widely across the web — security firm Snyk reported several million downloads every day. In response, the LiteLLM project has overhauled parts of its compliance workflow and replaced Delve with Vanta for certifications.
Independent security analyst Dr. Anita Rao said supply-chain intrusions are attractive to attackers because a single compromised package can touch “hundreds or thousands” of downstream users quickly. She added that affected firms should rotate credentials, audit recent access logs and communicate clearly with contractors. Investigations by Mercor and third-party teams are ongoing, and the company has pledged to share updates with customers as new findings emerge.
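The advice above to audit what a tainted package could have touched presupposes knowing which build of a dependency each environment actually installed. The check that settles that question is a hash pin: the lockfile records the sha256 of the exact artifact a build was tested against, and the installer refuses anything else. The following is an added example, not code from the article, from Mercor or from the LiteLLM project. It reimplements the comparison that `pip install --require-hashes` performs so the failure modes are visible; the package names, versions and "wheel" bytes are constructed for illustration and do not correspond to any real release.

```python
"""Hash-pin verification, as an added example (not code from the article,
Mercor or the LiteLLM project).  It reproduces the check that
`pip install --require-hashes` performs: a release is accepted only if the
sha256 of the downloaded artifact matches a hash recorded in the lockfile.
The package names, versions and artifact bytes below are constructed."""
import hashlib
import re

# Constructed stand-ins for two wheel files: the one the lockfile was
# generated from, and a later upload of the same version with altered contents.
GOOD_WHEEL = b"PK\x03\x04 examplelib-1.0.0 known-good contents"
TAMPERED_WHEEL = b"PK\x03\x04 examplelib-1.0.0 contents with injected code"

# Constructed requirements text.  The first entry carries a hash pin; the
# second pins only a version, which a tampered re-upload of that version passes.
REQUIREMENTS = f"""
examplelib==1.0.0 \\
    --hash=sha256:{hashlib.sha256(GOOD_WHEEL).hexdigest()}
otherlib==2.3.4          # version pin only, no --hash
"""


def parse_pins(text: str) -> dict[str, tuple[str, set[str]]]:
    """Return {name: (version, {sha256 hex digests})} for each pinned entry.

    Entries without any --hash get an empty set so the caller can refuse
    them instead of silently treating a bare version pin as verified."""
    pins: dict[str, tuple[str, set[str]]] = {}
    # Join backslash line continuations, then drop comments and blank lines.
    for raw in text.replace("\\\n", " ").splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        tokens = line.split()
        spec, _, version = tokens[0].partition("==")
        name = re.sub(r"\[.*\]", "", spec).lower()  # drop extras such as [proxy]
        hashes = {
            t[len("--hash=sha256:"):].lower()
            for t in tokens[1:]
            if t.startswith("--hash=sha256:")
        }
        pins[name] = (version, hashes)
    return pins


def verify_artifact(name: str, data: bytes, pins: dict) -> tuple[bool, str]:
    """Accept `data` for package `name` only if its sha256 is pinned.

    Returns (ok, reason).  A missing pin and a version-only pin are both
    rejected: neither can distinguish the tested build from a re-upload."""
    entry = pins.get(name.lower())
    if entry is None:
        return False, f"{name}: not present in lockfile"
    version, hashes = entry
    if not hashes:
        return False, f"{name}=={version}: version pin only, nothing to verify"
    digest = hashlib.sha256(data).hexdigest()
    if digest in hashes:
        return True, f"{name}=={version}: sha256 matches lockfile"
    return False, f"{name}=={version}: sha256 mismatch ({digest[:12]}...)"


PINS = parse_pins(REQUIREMENTS)

if __name__ == "__main__":
    for pkg, blob in (("examplelib", GOOD_WHEEL),
                      ("examplelib", TAMPERED_WHEEL),
                      ("otherlib", TAMPERED_WHEEL)):
        ok, reason = verify_artifact(pkg, blob, PINS)
        print("ACCEPT" if ok else "REJECT", reason)
```

The caveat a responder needs: a hash proves only that an artifact is the one the lockfile was generated from. If a lockfile was regenerated while the tampered build was the current release, the bad hash is now the trusted one, so after an incident like this the pins for the affected package should be re-resolved against the project's post-cleanup release and compared with the hashes that were in place before the compromise window, not simply re-locked.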