AI Recruiting Unicorn Mercor Hit by Supply Chain Attack via Compromised LiteLLM Library
Mercor, a $10 billion AI recruiting startup, confirmed a major security breach stemming from malicious code injected into the open-source LiteLLM project a widely used library that powers thousands of companies globally. The incident, classified as a supply chain attack, exposed sensitive data and underscored systemic risks in AI infrastructure dependencies.
Breach Timeline and Discovery
Security researchers at Snyk detected the malicious code in LiteLLM last week, prompting its removal within hours. However, the exposure window allowed threat actors to compromise downstream systems. Mercor first noticed anomalous activity on April 28, 2025, with extortion group Lapsus$ claiming responsibility the following day. The group posted samples of stolen data on its leak site, including Slack communications, ticketing system records, and videos of AI-contractor interactions.
Scope of Compromised Data
The breach exposed:
- Contractor data, including professional credentials and payment details.
- Proprietary AI training data and client information tied to partnerships with OpenAI and Anthropic.
- Internal communications and operational records.
Mercor, which connects specialized professionals (scientists, doctors, lawyers) with AI firms for training and validation, processes over $2 million in daily payouts. The company acknowledged it was one of thousands affected by the LiteLLM compromise.
Threat Actors and Investigation
The attack involved two distinct groups:
- TeamPCP, a hacking collective with suspected nation-state ties, executed the initial supply chain compromise.
- Lapsus$, known for high-profile breaches (NVIDIA, Microsoft, Okta), later claimed responsibility for data exfiltration and extortion.
Investigators are still determining whether the groups collaborated or if Lapsus$ independently accessed the stolen data. Mercor is working with third-party forensics experts to assess the full impact.
Broader Implications
The breach highlights critical vulnerabilities in AI infrastructure, particularly the risks of relying on open-source tools like LiteLLM a project maintained by a Y Combinator-backed startup. The incident reveals how a single compromise can cascade across industries, exposing sensitive data in AI training pipelines. The involvement of TeamPCP, linked to state-sponsored operations, suggests potential motives beyond financial gain, including intelligence gathering on AI methodologies and contractor networks.
Mercor’s rapid growth valued at $10 billion after a $350 million Series C in October 2025 makes it a prime target, but the attack’s ripple effects extend to the broader tech ecosystem. The ambiguity around the threat actors’ roles further complicates mitigation efforts.
Mercor cybersecurity rating report: https://www.rankiteo.com/company/mercor-ai
"id": "MER1775112166",
"linkid": "mercor-ai",
"type": "Breach",
"date": "4/2025",
"severity": "100",
"impact": "5",
"explanation": "Attack threatening the organization's existence"{'affected_entities': [{'customers_affected': 'Contractors, AI firms '
'(including OpenAI and '
'Anthropic)',
'industry': 'Recruiting/AI',
'name': 'Mercor',
'size': 'Valued at $10 billion',
'type': 'AI Recruiting Startup'}],
'attack_vector': 'Malicious code injection in open-source library (LiteLLM)',
'data_breach': {'data_exfiltration': True,
'file_types_exposed': ['Slack communications',
'Ticketing system records',
'Videos of AI-contractor interactions'],
'personally_identifiable_information': True,
'sensitivity_of_data': 'High',
'type_of_data_compromised': ['Contractor data (professional '
'credentials, payment details)',
'Proprietary AI training data',
'Client information',
'Internal communications',
'Operational records']},
'date_detected': '2025-04-28',
'description': 'Mercor, a $10 billion AI recruiting startup, confirmed a '
'major security breach stemming from malicious code injected '
'into the open-source LiteLLM project, a widely used library '
'that powers thousands of companies globally. The incident '
'exposed sensitive data and underscored systemic risks in AI '
'infrastructure dependencies.',
'impact': {'brand_reputation_impact': True,
'data_compromised': True,
'identity_theft_risk': True,
'operational_impact': 'Exposure of proprietary AI training data '
'and client information',
'payment_information_risk': True,
'systems_affected': ['Slack communications',
'Ticketing system',
'AI training pipelines']},
'initial_access_broker': {'entry_point': 'Compromised LiteLLM library',
'high_value_targets': ['AI training data',
'Contractor networks']},
'investigation_status': 'Ongoing',
'lessons_learned': 'Critical vulnerabilities in AI infrastructure, '
'particularly risks of relying on open-source tools like '
'LiteLLM. A single compromise can cascade across '
'industries, exposing sensitive data in AI training '
'pipelines.',
'motivation': ['Extortion',
'Intelligence gathering on AI methodologies and contractor '
'networks'],
'post_incident_analysis': {'root_causes': 'Malicious code injection in '
'open-source LiteLLM library'},
'ransomware': {'data_exfiltration': True},
'references': [{'source': 'Snyk'}],
'response': {'remediation_measures': 'Removal of malicious code from LiteLLM',
'third_party_assistance': 'Third-party forensics experts'},
'threat_actor': ['TeamPCP', 'Lapsus$'],
'title': 'AI Recruiting Unicorn Mercor Hit by Supply Chain Attack via '
'Compromised LiteLLM Library',
'type': 'Supply Chain Attack',
'vulnerability_exploited': 'Compromised LiteLLM library'}