Mercor has confirmed a security incident tied to a broader supply chain attack involving the open-source AI project LiteLLM, stating it was among thousands of companies affected. The incident has been associated with the hacking group TeamPCP, while extortion group Lapsus$ has claimed to have accessed Mercor data, though the connection between the two remains unclear.
Founded in 2023, Mercor operates an AI-driven recruiting platform working with companies including OpenAI and Anthropic, facilitating large-scale expert-led model training. The company reported acting quickly to contain the issue, with spokesperson Heidi Hagberg indicating that remediation steps were initiated and a third-party forensic investigation is underway.
The incident highlights growing risks in AI infrastructure supply chains, particularly as widely used tools like LiteLLM underpin critical enterprise AI systems.
