Image Credits: Jagmeet Singh / TechCrunch
6:42 PM PDT · March 31, 2026
Mercor, a popular AI recruiting startup, has confirmed a security incident linked to a supply chain attack involving the open-source project LiteLLM.
The AI startup told TechCrunch on Tuesday that it was “one of thousands of companies” affected by a recent compromise of LiteLLM’s project, which was linked to a hacking group called TeamPCP. Confirmation of the incident comes as extortion hacking group Lapsus$ claimed it had targeted Mercor and gained access to its data.
It’s not immediately clear how the Lapsus$ gang obtained the stolen data from Mercor as part of TeamPCP’s cyberattack.
Founded in 2023, Mercor works with companies including OpenAI and Anthropic to train AI models by contracting specialized domain experts such as scientists, doctors, and lawyers from markets including India. The startup says it facilitates more than $2 million in daily payouts and was valued at $10 billion following a $350 million Series C round led by Felicis Ventures in October 2025.
Mercor spokesperson Heidi Hagberg confirmed to TechCrunch that the company had “moved promptly” to contain and remediate the security incident.
“We are conducting a thorough investigation supported by leading third-party forensics experts,” said Hagberg. “We will continue to communicate with our customers and contractors directly as appropriate and devote the resources necessary to resolving the matter as soon as possible.”
Earlier, Lapsus$ claimed responsibility for the apparent data breach on its leak site and shared a sample of data allegedly taken from Mercor, which TechCrunch reviewed. The sample included material referencing Slack data and what appeared to be ticketing data, as well as two videos purportedly showing conversations between Mercor’s AI systems and contractors on its platform.
Hagberg declined to answer follow-up questions on whether the incident was connected to claims by Lapsus$, or whether any customer or contractor data had been accessed, exfiltrated, or misused.
The compromise of LiteLLM originally surfaced last week after malicious code was discovered in a package associated with the Y Combinator-backed startup’s open-source project. While the malicious code was identified and removed within hours, the incident drew scrutiny due to LiteLLM’s wide use across the internet, with the library downloaded millions of times per day, per security firm Snyk. The incident also prompted LiteLLM to make changes to its compliance processes, including shifting from controversial startup Delve to Vanta for compliance certifications.
It remains unclear how many companies were affected by the LiteLLM-related incident or whether any data exposure occurred, as investigations continue.
Jagmeet covers startups, tech policy-related updates, and all other major tech-centric developments from India for TechCrunch. He previously worked as a principal correspondent at NDTV.
You can contact or verify outreach from Jagmeet by emailing mail@journalistjagmeet.com.














