Mercor Confirms Cyberattack Tied to LiteLLM Supply‑Chain Compromise
Key Points
- Mercor confirmed a security incident linked to a supply‑chain attack on the open‑source LiteLLM project.
- The attack was attributed to the hacking group TeamPCP, which affected thousands of companies.
- Extortion group Lapsus$ claimed it had accessed Mercor's data and posted a sample of the alleged breach.
- Mercor’s spokesperson said the company moved quickly to contain the incident and engaged third‑party forensics experts.
- Founded in 2023, Mercor works with AI firms such as OpenAI and Anthropic and processes over $2 million in daily payouts.
- The company was valued at $10 billion after a $350 million Series C round in October 2025.
- LiteLLM removed malicious code within hours, but the incident raised concerns due to the library’s massive daily downloads.
- LiteLLM switched its compliance partner to Vanta following the breach.
Mercor, an AI recruiting startup that connects domain experts with companies such as OpenAI and Anthropic, disclosed a security incident linked to a supply‑chain attack on the open‑source LiteLLM project. The breach, attributed to the hacking group TeamPCP, affected thousands of organizations and coincided with claims by the extortion group Lapsus$ that it had accessed Mercor's data. Mercor said it moved quickly to contain the incident, engaged leading third‑party forensics experts, and continues to communicate with customers and contractors while investigations proceed.
Incident Overview
Mercor, a startup that helps companies train artificial‑intelligence models by contracting specialized experts, confirmed that it was impacted by a recent cyberattack that originated from a supply‑chain compromise of the open‑source LiteLLM project. The company told TechCrunch that it was "one of thousands of companies" affected after malicious code was discovered in a package associated with LiteLLM, a library widely used across the internet. The supply‑chain intrusion was linked to a hacking group known as TeamPCP. At the same time, the extortion group Lapsus$ claimed responsibility for targeting Mercor and posted a sample of data it said it had taken from the company.
The leaked sample included references to Slack communications, ticketing data, and two videos that appeared to show conversations between Mercor’s AI systems and contractors on its platform. While the authenticity of the entire data set was not independently verified, TechCrunch reviewed the sample and reported its contents. Mercor’s spokesperson, Heidi Hagberg, declined to confirm whether the Lapsus$ claim was directly connected to the TeamPCP‑related supply‑chain attack or whether any customer or contractor data had been accessed, exfiltrated, or misused.
Company Background and Scale
Founded in 2023, Mercor works with high‑profile AI firms, including OpenAI and Anthropic, to provide domain‑specific expertise from professionals such as scientists, doctors, and lawyers. The startup reports facilitating more than $2 million in daily payouts to its contractors. Following a $350 million Series C round led by Felicis Ventures in October 2025, Mercor was valued at $10 billion.
Response and Ongoing Investigation
According to Hagberg, Mercor moved promptly to contain and remediate the security incident. The company engaged leading third‑party forensics experts to conduct a thorough investigation and pledged to keep customers and contractors informed as appropriate. Mercor also stated that it would devote the necessary resources to resolve the matter as quickly as possible.
The LiteLLM compromise itself was discovered last week, and the malicious code was removed within hours. The incident drew attention because the library is downloaded millions of times per day, according to security firm Snyk. In response, LiteLLM announced changes to its compliance processes, switching from a controversial compliance partner to Vanta for certifications. It remains unclear how many organizations were affected by the LiteLLM‑related breach or whether any data exposure occurred, as investigations continue.
Overall, the situation underscores the growing risk of supply‑chain attacks on widely used open‑source components and highlights the challenges companies face when multiple threat actors target the same vulnerability.