• Mercor confirmed a security breach after an extortion group claimed responsibility for stealing data through a compromised open-source LiteLLM project, according to TechCrunch

  • The attack exploited LiteLLM, a widely-used open-source proxy for AI model APIs, turning a trusted developer tool into a vector for data exfiltration

  • This marks another high-profile supply chain attack targeting AI infrastructure, following a pattern of hackers exploiting open-source dependencies to breach multiple companies simultaneously

  • The incident raises urgent questions about security auditing practices for open-source AI tools as startups rush to integrate third-party libraries into production systems

AI recruiting startup Mercor just confirmed it’s the latest victim of a sophisticated supply chain attack that exploited the open-source LiteLLM project. An extortion hacking crew took credit for stealing company data, exposing how deeply vulnerable the AI infrastructure stack has become. The breach underscores a growing threat as startups increasingly rely on third-party open-source tools to power their AI operations, creating cascading security risks across the ecosystem.

Mercor, an AI-powered recruiting platform, is scrambling to contain fallout from a cyberattack that appears to have originated through a compromised open-source project its systems depended on. The company confirmed the security incident after an extortion hacking crew publicly claimed responsibility for stealing data from Mercor’s infrastructure, marking the latest in a disturbing trend of supply chain attacks targeting the AI startup ecosystem.

The breach traces back to LiteLLM, an open-source proxy tool that simplifies API calls to multiple large language model providers. Developers across the AI industry use LiteLLM to manage connections to OpenAI, Anthropic, and other LLM services through a unified interface. But that widespread adoption just made it an irresistible target. When attackers compromised the project, they didn’t just hit one company – they potentially gained access to every system running the vulnerable code.

Mercor’s disclosure comes at a particularly sensitive time for AI recruiting startups. The company has been positioning itself as a next-generation talent platform, using AI to match companies with technical talent globally. Having that infrastructure breached raises immediate questions about what employee and candidate data might have been exposed. The company hasn’t yet disclosed the full scope of the stolen information or how many users might be affected.