AI Recruiting Startup Mercor Hit by Supply Chain Attack via Compromised LiteLLM Project
AI-powered recruiting platform Mercor has confirmed a supply chain attack that exploited vulnerabilities in LiteLLM, an open-source proxy tool widely used in the AI industry. The breach, claimed by an extortion hacking crew, highlights the growing risks of third-party dependencies in AI infrastructure.
The attack originated from LiteLLM, a popular open-source project that simplifies API calls to major LLM providers like OpenAI and Anthropic. By compromising the tool, attackers potentially gained access to any system running the vulnerable code, amplifying the breach’s impact across the AI ecosystem.
Mercor, which uses AI to match companies with global technical talent, is now assessing the fallout. While the full scope of stolen data remains undisclosed, the incident raises concerns about the exposure of employee and candidate information. The breach comes at a critical time for the company, which has been positioning itself as a leader in AI-driven recruitment.
This attack underscores the cascading security risks posed by open-source dependencies in AI development, as startups increasingly rely on third-party tools to power their operations.
Source: https://www.techbuzz.ai/articles/mercor-hit-by-supply-chain-attack-via-litellm-breach
Mercor cybersecurity rating report: https://www.rankiteo.com/company/mercor-ai
LiteLLM cybersecurity rating report: https://www.rankiteo.com/company/litellm
{
  "id": "MERLIT1775010644",
  "linkid": "mercor-ai, litellm",
  "type": "Vulnerability",
  "date": "4/2026",
  "severity": "100",
  "impact": "5",
  "explanation": "Attack threatening the organization's existence"
}
{'affected_entities': [{'industry': 'AI Recruiting/HR Tech',
                        'name': 'Mercor',
                        'type': 'Startup'}],
 'attack_vector': 'Compromised open-source tool (LiteLLM)',
 'data_breach': {'personally_identifiable_information': 'Yes',
                 'sensitivity_of_data': 'High (personally identifiable information)',
                 'type_of_data_compromised': 'Employee and candidate information'},
 'description': 'AI-powered recruiting platform Mercor has confirmed a supply chain attack that exploited vulnerabilities in LiteLLM, an open-source proxy tool widely used in the AI industry. The breach, claimed by an extortion hacking crew, highlights the growing risks of third-party dependencies in AI infrastructure.',
 'impact': {'brand_reputation_impact': 'Potential reputational damage due to breach during critical growth phase',
            'data_compromised': 'Employee and candidate information (potential exposure)',
            'identity_theft_risk': 'Potential risk due to exposure of employee and candidate information',
            'systems_affected': 'Systems running vulnerable LiteLLM code'},
 'initial_access_broker': {'entry_point': 'Compromised LiteLLM open-source project'},
 'lessons_learned': 'Growing risks of third-party dependencies in AI infrastructure, cascading security risks posed by open-source tools',
 'motivation': 'Extortion',
 'post_incident_analysis': {'root_causes': 'Vulnerabilities in third-party open-source tool (LiteLLM)'},
 'references': [{'source': 'Incident description'}],
 'threat_actor': 'Extortion hacking crew',
 'title': 'AI Recruiting Startup Mercor Hit by Supply Chain Attack via Compromised LiteLLM Project',
 'type': 'Supply Chain Attack'}