AI hiring startup Mercor confirmed it was among thousands of companies hit by a supply-chain attack through LiteLLM, a widely used open-source LLM proxy library. Extortion group Lapsus$ claimed to have stolen 4 TB of data, including 939 GB of Mercor source code. The attack traces back to TeamPCP, the crew believed responsible for compromising Trivy, LiteLLM, and other popular open-source tools, with Cisco also reporting impact.
Infrastructure
AI recruiting biz Mercor says it was 'one of thousands' hit in LiteLLM supply-chain attack
TeamPCP's systematic campaign targeting open-source developer infrastructure compromises LiteLLM and impacts thousands of companies, exposing a critical vulnerability in the shared-tool supply chain.
Friday, April 3, 2026 12:00 PM UTC | 2 MIN READ | SOURCE: The Register | BY sys://pipeline