Mercor Confirms Security Incident Tied to LiteLLM Supply Chain Attack

A prominent AI industry platform has confirmed it was impacted by a recent supply chain attack linked to the open-source project LiteLLM. Mercor, a startup specializing in tools for AI model development, disclosed the breach in a statement released on Wednesday. The company stated that its systems were compromised as part of a broader security incident affecting thousands of organizations tied to LiteLLM. The breach has raised concerns about the vulnerabilities of open-source software ecosystems and the potential for malicious actors to exploit supply chain weaknesses.

Mercor’s spokesperson, Heidi Hagberg, emphasized that the company’s primary focus is on protecting the privacy and security of its customers and contractors. “Our security team moved promptly to contain and remediate the incident,” she said in a statement. The company is currently collaborating with external forensic experts to investigate the breach and determine the full scope of the compromise. While no specific details about the extent of the data exposure were provided, Hagberg acknowledged the seriousness of the situation and the steps being taken to address it.

The incident is part of a larger security breach involving LiteLLM, an open-source project that provides tools for training and deploying large language models. LiteLLM confirmed the hack on its systems last week, stating it was investigating a suspected supply chain attack involving unauthorized PyPI package publishes. According to the project’s security post, evidence suggested that a user’s PyPI account may have been compromised and used to distribute malicious code. This method of attack exploits the trust users place in package repositories, allowing malicious actors to inject harmful code into widely used software.

#lite_llm #mercor #lapsus #team_pcp #heidi_hagberg

Mercor Hit by LiteLLM Supply Chain Attack

A cybersecurity incident involving the LiteLLM platform has impacted AI recruiting firm Mercor, according to a disclosure made by the company. The breach, linked to a supply chain attack, was attributed to the Trivy dependency, which was exploited by the TeamPCP hacking group. The attack occurred on March 27, following a Trivy-related breach a week earlier. LiteLLM, a widely used open-source framework, is estimated to be present in 36% of cloud environments.

The TeamPCP group, using compromised credentials of a maintainer, published two malicious LiteLLM PyPI package versions—1.82.7 and 1.82.8—which were available for download for approximately 40 minutes. While the exposure window was brief, the malicious packages were likely automatically downloaded by thousands of users, including Mercor.

Mercor confirmed it was among the thousands of companies affected by the supply chain attack. The company stated its security team acted swiftly to contain and remediate the incident, with support from third-party forensics experts. However, the company has not disclosed specific details about the extent of the breach or the data compromised.

The Lapsus$ extortion group, known for leaking stolen data, listed Mercor on its leak site, claiming the theft of over 4 terabytes of data. TeamPCP, which has previously partnered with Lapsus$ to monetize stolen data, is suspected of being involved in the breach. While Mercor has not confirmed the Lapsus$ claims, the connection between the groups highlights the broader threat posed by supply chain attacks. SecurityWeek reported that the attack underscores the vulnerabilities in software supply chains, where third-party dependencies can be exploited to compromise large-scale systems.

#lite_llm #mercor #team_pcp #trivy #lapsus
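To see how a 40-minute window can reach builds that never asked for 1.82.7 or 1.82.8 by name, the following added example (not code from LiteLLM, Mercor or SecurityWeek) classifies `litellm` lines in a pip-style requirements or `pip freeze` listing as pinned to a malicious release, loose enough to have resolved to one, or excluding both. It is an assumption of this sketch that versions are plain numeric releases; the function names and sample input are constructed for illustration.

```python
import re

BAD_VERSIONS = ("1.82.7", "1.82.8")  # malicious releases named in the article
REQ = re.compile(r"^\s*litellm(?![\w.-])\s*(?:\[[^\]]*\])?\s*(.*?)\s*(?:;|#|\s--|\\|$)", re.I)
CLAUSE = re.compile(r"^(==|!=|>=|<=|~=|>|<)\s*(\d+(?:\.\d+)*)(\.\*)?$")

def _pad(a, b):
    """Parse two dotted versions into equal-length integer tuples."""
    x, y = ([int(p) for p in s.split(".")] for s in (a, b))
    n = max(len(x), len(y))
    return tuple(x + [0] * (n - len(x))), tuple(y + [0] * (n - len(y)))

def clause_allows(clause, version):
    """Does one specifier clause (plain numeric releases only) admit version?"""
    m = CLAUSE.match(clause.strip())
    if not m or (m.group(3) and m.group(1) not in ("==", "!=")):
        raise ValueError(f"unsupported specifier: {clause!r}")
    op, ref, star = m.groups()
    v, r = _pad(version, ref)
    if star or op == "~=":
        # ==1.82.* compares the whole prefix; ~=1.82.0 drops the last segment
        n = len(ref.split(".")) - (0 if star else 1)
        same = v[:n] == r[:n]
        if op == "~=":
            return same and v >= r
        return same if op == "==" else not same
    return {"==": v == r, "!=": v != r, ">=": v >= r,
            "<=": v <= r, ">": v > r, "<": v < r}[op]

def classify(line):
    """None if not a litellm requirement, else a verdict string."""
    m = REQ.match(line)
    if not m:
        return None
    clauses = [c.strip() for c in m.group(1).split(",") if c.strip()]
    try:
        hit = any(all(clause_allows(c, b) for c in clauses) for b in BAD_VERSIONS)
    except ValueError:
        return "review-manually"  # pre-releases, ===, URLs: outside this sketch
    if not hit:
        return "ok"
    exact = len(clauses) == 1 and clauses[0].startswith("==") and "*" not in clauses[0]
    return "pinned-malicious" if exact else "could-resolve"

def scan(text):
    """Return [(line_number, verdict)] for each litellm requirement in text."""
    found = ((n, classify(l)) for n, l in enumerate(text.splitlines(), 1))
    return [(n, v) for n, v in found if v is not None]

# Constructed sample input, not taken from any real project.
SAMPLE = "requests==2.31.0\nlitellm[proxy]>=1.80,<2\nlitellm==1.82.7\nlitellm==1.82.6\n"
```

A `could-resolve` verdict only means an install run during the exposure window could have fetched a malicious release; confirming it requires the installed version from `pip freeze` output, lock files or build logs for that period.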