
Mercor confirms security incident tied to LiteLLM supply chain attack

Mercor, an artificial intelligence recruiting startup that supplies training data to major AI developers, confirmed a security incident linked to a supply chain compromise of the open source project LiteLLM, as investigators examine potential data exposure and competing claims from an extortion group.


The company said it was among thousands of organizations affected by the LiteLLM breach, which involved malicious code inserted into a widely used software library designed to connect applications with AI services. The attack has been attributed to a hacking group known as TeamPCP.


Mercor, founded in 2023, connects companies such as OpenAI, Anthropic and Meta with specialized experts including scientists, doctors and lawyers to generate high-quality training data for artificial intelligence systems. The company facilitates more than $2 million in daily payouts and reached a $10 billion valuation following a $350 million Series C funding round led by venture capital firm Felicis Ventures in October 2025.


A spokesperson for Mercor said the company acted quickly to contain and remediate the incident and has launched a detailed investigation with support from external forensic specialists. The company said it is communicating directly with customers and contractors as appropriate while working to resolve the issue.


The scope of the incident remains under investigation, including whether any customer or contractor data was accessed or misused. The company did not confirm a connection between the breach and claims made by Lapsus$, an extortion-focused hacking group that has asserted it obtained data from Mercor.


Material published by Lapsus$ included samples that appeared to reference internal communications data, ticketing systems and video interactions between Mercor’s AI systems and platform users. The group has claimed to possess a large volume of data, including source code and database records, though the extent and authenticity of the data have not been independently verified.


The breach traces back to a compromise of LiteLLM, a widely used open source library downloaded millions of times daily by developers integrating AI services. Malicious code embedded in the package was designed to harvest credentials and propagate across systems before being identified and removed within hours of discovery.



© 2025, Lyonsdown Limited. teiss® is a registered trademark of Lyonsdown Ltd. VAT registration number: 830519543