AI Recruiting Startup Mercor Hit by Supply Chain Attack
Mercor, a popular AI recruiting startup, has confirmed a security incident linked to a supply chain attack involving the open-source project LiteLLM. The incident, reportedly tied to hacking group Lapsus$, has sparked concerns over data exposure and misuse.
Mercor's Response to the Incident
A Mercor spokesperson confirmed that the company had 'moved promptly' to contain and remediate the security incident. The spokesperson stated that Mercor is conducting a thorough investigation supported by leading third-party forensics experts and will continue to communicate with customers and contractors directly as appropriate.
The Role of LiteLLM in the Incident
LiteLLM is an open-source library in wide use across the industry, downloaded millions of times per day. The malicious code was identified and removed within hours, but the incident drew scrutiny because of how many projects depend on LiteLLM. The project has since changed its compliance processes, including shifting from Delve to Vanta for compliance certifications.
Uncertainty Surrounding the Incident
It remains unclear how many companies were affected by the LiteLLM-related incident or whether any data exposure occurred. Investigations continue, and Mercor has declined to answer follow-up questions on whether the incident was connected to claims by Lapsus$ or whether any customer or contractor data had been accessed, exfiltrated, or misused.
Background on Mercor and LiteLLM
Mercor was founded in 2023 and works with companies including OpenAI and Anthropic to train AI models. The startup facilitates more than $2 million in daily payouts and was valued at $10 billion following a $350 million Series C round led by Felicis Ventures in October 2025. LiteLLM is an open-source library widely used in the development of AI models.
Key Takeaways
- Mercor has confirmed a security incident linked to a supply chain attack involving the open-source project LiteLLM.
- The incident, reportedly tied to hacking group Lapsus$, has sparked concerns over data exposure and misuse.
- Mercor is conducting a thorough investigation and has declined to answer follow-up questions on the incident's connection to Lapsus$ or data exposure.
- It remains unclear how many companies were affected by the LiteLLM-related incident or whether any data exposure occurred.
