Mercor Confirms Security Incident Tied to LiteLLM Supply Chain Attack

A prominent AI industry platform has confirmed it was impacted by a recent supply chain attack linked to the open-source project LiteLLM. Mercor, a startup specializing in tools for AI model development, disclosed the breach in a statement released on Wednesday. The company stated that its systems were compromised as part of a broader security incident affecting thousands of organizations tied to LiteLLM. The breach has raised concerns about the vulnerabilities of open-source software ecosystems and the potential for malicious actors to exploit supply chain weaknesses.

Mercor’s spokesperson, Heidi Hagberg, emphasized that the company’s primary focus is on protecting the privacy and security of its customers and contractors. “Our security team moved promptly to contain and remediate the incident,” she said in a statement. The company is currently collaborating with external forensic experts to investigate the breach and determine the full scope of the compromise. While no specific details about the extent of the data exposure were provided, Hagberg acknowledged the seriousness of the situation and the steps being taken to address it.

The incident is part of a larger security breach involving LiteLLM, an open-source project that provides tools for training and deploying large language models. LiteLLM confirmed the hack on its systems last week, stating it was investigating a suspected supply chain attack involving unauthorized PyPI package publishes. According to the project’s security post, evidence suggested that a user’s PyPI account may have been compromised and used to distribute malicious code. This method of attack exploits the trust users place in package repositories, allowing malicious actors to inject harmful code into widely used software.
