Slack Data and AI Contractor Videos Leaked in Cyberattack — Learn How to Stay Protected
$10B AI Startup Hit by LiteLLM Supply Chain Cyberattack
A major cybersecurity breach affected Mercor after malicious code was inserted into an update of the widely used open-source library LiteLLM. The attack has been linked to TeamPCP, with the extortion group Lapsus$ claiming responsibility and leaking samples of stolen data, including internal Slack messages, support tickets, and videos of AI contractor discussions. Given LiteLLM’s widespread use, the breach may have impacted numerous organizations relying on it for AI integrations.
Founded in 2023, Mercor has rapidly grown into a major player in the AI talent space, handling millions in daily payouts and securing significant funding. In response to the incident, the company quickly contained the threat, brought in forensic experts, and began notifying affected parties. The breach highlights the increasing risks associated with open-source dependencies and the urgent need for stronger security controls and compliance practices across the AI ecosystem.
Source: Beamstart
CybrHawk Recommendations

This incident is a clear reminder that modern cyber threats don’t just target organizations directly—they exploit trusted software across the supply chain. With CybrHawk, you can:

Continuously Monitor Third-Party Risk: Identify vulnerabilities across open-source and vendor dependencies before attackers do.
Detect & Respond in Real Time: Our AI-driven XDR and SOC services provide 24x7 monitoring to catch anomalies and threats early.
Strengthen Your AI & Cloud Security Posture: Secure integrations, APIs, and AI pipelines against emerging attack vectors.
Gain Actionable Threat Intelligence: Stay informed on active threat actors like Lapsus$ and evolving tactics targeting your environment.
Ensure Compliance & Resilience: Align with frameworks like NIST, ISO, and SOC2 while improving your incident readiness.
Want to understand your exposure? Request a FREE Threat Exposure Snapshot—no fees, no commitment.