AI startup Mercor flags data exposure in supply-chain attack linked to LiteLLM
Mercor, an artificial intelligence startup recently valued at $10 billion, has disclosed a cybersecurity incident that may have exposed sensitive data belonging to users, contractors and enterprise clients, as stated in a Moneycontrol report.
The breach has been traced to a supply-chain compromise involving LiteLLM, a widely used tool that helps developers connect applications with various AI services. According to the company, malicious code was inserted into the library, enabling attackers to capture login credentials and potentially access internal systems.
Mercor said it was one of several organisations impacted by the compromised dependency. Given LiteLLM's broad adoption across AI development workflows, the attack may have had a far-reaching impact across the ecosystem.
Also read: Britain targets Anthropic growth as AI firm battles US blacklisting over Claude use
The startup works with major AI players, including Anthropic, OpenAI and Meta. While reports indicate that elements such as datasets and AI training workflow details could have been accessed, Mercor has not confirmed the full extent of the exposure.
Security researchers have linked the incident to a threat group known as TeamPCP, which specialises in supply-chain attacks. These attacks involve embedding malicious code into trusted software components, allowing it to spread across multiple organisations before being detected.
Another hacking collective, Lapsus$, has claimed responsibility for accessing Mercor's systems and has reportedly released samples of the stolen data online. The group has previously relied on phishing and social engineering tactics to breach corporate networks. Early reports suggest the leaked material could include internal communications, ticketing logs and system-level records.
Also read: No AI in court decisions: Gujarat High Court issues strict policy, bans AI usage for judges and staff
Mercor said it has taken steps to contain the incident and has initiated a third-party forensic investigation. The company is also in the process of notifying affected stakeholders directly.