
Mercor Confirms Cyberattack Linked to Breach of Open-Source LiteLLM Initiative

by admin

Mercor, an AI recruiting startup, has acknowledged a security breach stemming from a supply chain attack related to the open-source project LiteLLM. The company confirmed to TechCrunch that it was among numerous businesses affected by this incident, attributed to a hacking group known as TeamPCP. The breach comes on the heels of claims by the extortion group Lapsus$, which asserted it had accessed Mercor’s data.

The specifics of how Lapsus$ obtained the compromised information from Mercor are not yet clear. Established in 2023, Mercor collaborates with industry leaders like OpenAI and Anthropic to enhance AI model training by engaging specialists in various fields, including medicine and law, primarily from markets such as India. The startup processes over $2 million in daily transactions and achieved a valuation of $10 billion after a $350 million Series C funding round led by Felicis Ventures in October 2025.

Heidi Hagberg, a spokesperson for Mercor, assured that the company acted swiftly to address the security incident. She stated, “We are conducting a thorough investigation supported by leading third-party forensics experts,” and emphasised ongoing communication with customers and contractors throughout the resolution process.

Lapsus$ has reportedly taken responsibility for the data breach on its leak site, releasing a sample that allegedly includes various data sets from Mercor, such as Slack communications and internal ticketing information, alongside two videos featuring dialogues between Mercor’s AI systems and its contractors.

When pressed about the relationship between the Lapsus$ claims and the LiteLLM breach, Hagberg declined to provide further details on whether any customer or contractor data had been accessed or misused. The LiteLLM breach emerged last week after malicious code was detected in a package affiliated with the open-source project, which is backed by Y Combinator. Although the malicious code was removed within hours, the incident raised alarms because of LiteLLM's extensive usage, with millions of downloads daily, as reported by security firm Snyk. It also prompted the project to revise its compliance measures, including a shift from the controversial startup Delve to Vanta for compliance certifications.

The scope of the impact from the LiteLLM incident and whether any data exposure has occurred remains unknown as investigations continue.
