Mercor, a fast-growing AI recruiting platform valued at $10 billion, disclosed a significant cyberattack stemming from a compromise in the open-source LiteLLM project.
The breach traced back to malicious code inserted into a LiteLLM package last week, an insertion that has been linked to the hacking group TeamPCP.
Lapsus$ Extortion Group Claims Mercor Data Theft
Infamous extortion collective Lapsus$ took credit for the intrusion, publishing samples of pilfered data such as Slack communications, ticketing records, and videos capturing AI contractor discussions.
Mercor's Rapid Rise in AI Talent Ecosystem
Founded in 2023, Mercor links domain experts including scientists, doctors, and lawyers from markets like India to leading AI firms for model training tasks.
The startup handles over $2 million in daily payouts to contractors and secured a massive $350 million Series C round in October 2025, led by Felicis Ventures.
LiteLLM's Widespread Vulnerability Exposed
LiteLLM, a Y Combinator-supported open-source tool boasting millions of daily downloads, swiftly identified and excised the malicious code within hours of discovery.
This supply chain attack potentially impacted thousands of organizations relying on the proxy library for AI model integrations.
Mercor acted decisively to isolate the incident, enlisting top third-party forensics specialists for a comprehensive probe.
Spokesperson Heidi Hagberg affirmed the company's commitment to notifying affected customers and contractors promptly.
The incident highlights the cybersecurity risks facing fast-growing AI ventures and may prompt stricter vetting of open-source dependencies and compliance overhauls, such as Mercor's shift from Delve to Vanta.
As inquiries progress, the full extent of data exposure and broader industry ramifications remain under intense scrutiny.