AI startup Mercor confirms security incident linked to LiteLLM supply chain attack

April 1, 2026

Plain code with the word "cyberattack" in red.

(Adobe Stock)

AI recruiting startup Mercor has confirmed it was affected by a security incident, which appears to be linked to a supply chain attack targeting the open-source project LiteLLM. The company stated it was one of thousands of organizations impacted by the compromise. This confirmation follows claims by the extortion hacking group Lapsus$ that it had targeted Mercor and accessed its data, according to a recent report by TechCrunch.

The incident at Mercor is believed to stem from malicious code injected into the LiteLLM project, an open-source tool used by numerous companies to manage AI model interactions. A hacking group known as TeamPCP has been linked to this compromise. While Mercor is investigating the full extent of the breach with third-party experts, the group Lapsus$ has claimed responsibility and released a sample of data allegedly stolen from Mercor, including Slack and ticketing information. It is unclear how Lapsus$ obtained this data in relation to the TeamPCP attack on LiteLLM.

Source: TechCrunch

An In-Depth Guide to AI

Get essential knowledge and practical strategies to use AI to better your security program.

Learn More

SC Staff

Oracle Corporation location. Oracle offers technology and cloud based solutions II

Data Security

ShinyHunters gang targets Oracle PeopleSoft servers in data theft attacks

SC StaffJune 10, 2026

The ShinyHunters gang is exploiting a combination of old and zero-day vulnerabilities, referred to as a "gadget chain," to target both cloud and on-premises Oracle PeopleSoft instances.