Following a compromise of the open-source tool LiteLLM, AI firm Mercor reports a security incident. Learn how hacking groups TeamPCP and Lapsus$ allegedly accessed sensitive candidate profiles and internal data.
The AI recruitment firm Mercor has confirmed it is dealing with a security incident following a widespread cyberattack linked to a compromised open-source tool. The breach is part of a large-scale supply chain attack that impacted thousands of organisations globally.
For your information, supply chain attacks work by inserting malicious code into widely used software, allowing attackers to compromise multiple targets at once through trusted dependencies.
A 40-minute window of chaos
The incident dates back to late March 2026 and involves LiteLLM, an open-source tool used to enable communication between different AI models. According to reports, attackers published two malicious versions of the LiteLLM PyPI package, versions 1.82.7 and 1.82.8. While the compromised packages were available for only around 40 minutes, the impact window was significant.
Research from Snyk shows LiteLLM sees millions of downloads per day. This means organisations running automated CI/CD pipelines may have unknowingly pulled the malicious code during that brief period. Data from Wiz Research further indicates LiteLLM is present in roughly 36% of cloud environments, highlighting the scale of potential exposure.
Mercor Confirmation
Mercor confirmed it was one of thousands of organisations affected by the LiteLLM supply chain attack. The incident has been linked to the TeamPCP group, which reportedly used compromised maintainer credentials to publish malicious package versions.
As per the company’s spokesperson, the firm moved promptly to contain and remediate the incident and has brought in third-party forensics experts to investigate.
LiteLLM is widely used to enable communication between AI models and is present in roughly 36% of cloud environments, according to Wiz Research. Researchers traced the breach back to an earlier compromise involving the Trivy tool, which exposed sensitive tokens used in downstream development workflows.
Claims of massive data theft
The situation worsened after the Lapsus$ extortion group listed Mercor on its leak site, claiming to possess 4TB of stolen data. According to the listing, the data allegedly includes candidate profiles, personally identifiable information, employer data, and technical assets such as source code, API keys, and secrets.
The listing also references data linked to Tailscale VPN usage, along with video interviews between AI systems and contractors. These claims have not been independently verified, and Mercor has not confirmed the scope or authenticity of the alleged leak.
It also remains unclear how Lapsus$ obtained the data and whether it is directly linked to the LiteLLM compromise. However, security researchers have suggested a possible link between Lapsus$ and the TeamPCP group behind the supply chain attack, though no formal collaboration has been confirmed.
Mercor is a major player in the tech world that helps giants like OpenAI and Anthropic find experts like doctors and lawyers to help train their AI systems. The company was recently valued at $10 billion following a $350 million funding round led by Felicis Ventures in October 2025, making it a high-profile target for such an attack.
Nevertheless, while containment efforts are underway, the case highlights how a brief supply chain compromise can cascade across widely used software dependencies, affecting thousands of organisations within minutes.
Editor’s note: At the time of writing, the Mercor auction listing had been removed from the Lapsus$ hackers’ official website. While the reason for its removal remains unclear, it suggests two possibilities: either the hackers have found a buyer, or Mercor may have been in discussions with them to halt the auction. However, this is only an indication, and nothing has been confirmed.
