AI Recruiting Startup Mercor Reveals Data Breach in Major Supply Chain Attack
By admin | Apr 01, 2026 | 2 min read
Mercor, a well-known AI recruiting startup, has acknowledged a security breach connected to a supply chain attack that impacted the open-source project LiteLLM. This confirmation follows claims by the extortion hacking group Lapsus$ that it targeted Mercor and successfully accessed company data. The specific method used by the Lapsus$ gang to acquire the stolen information as part of TeamPCP's cyberattack is not yet known.
Established in 2023, Mercor collaborates with firms like OpenAI and Anthropic to train AI models by engaging specialized domain experts, including scientists, doctors, and lawyers, from regions such as India. The startup reports that it processes over $2 million in daily payouts and achieved a $10 billion valuation after a $350 million Series C funding round led by Felicis Ventures in October 2025.
"We are carrying out a comprehensive investigation with the assistance of top third-party forensics experts," stated Hagberg. "We will maintain direct communication with our customers and contractors as needed and commit the required resources to resolve this issue promptly."
The leaked sample contained references to Slack data and apparent ticketing information, along with two videos that seem to show interactions between Mercor's AI systems and contractors on its platform. Hagberg chose not to address follow-up inquiries regarding a potential link to Lapsus$'s claims or whether any customer or contractor data was accessed, removed, or misused.
The LiteLLM compromise first came to light last week when malicious code was found in a package related to the Y Combinator-backed startup's open-source project. Although the harmful code was detected and eliminated within hours, the event attracted significant attention due to LiteLLM's extensive global usage, with the library being downloaded millions of times daily, according to security company Snyk.
This incident also led LiteLLM to revise its compliance procedures, moving from the contentious startup Delve to Vanta for compliance certifications. Investigations are ongoing, and it is still uncertain how many companies were affected by the LiteLLM-related breach or if any data was exposed.