AI Recruiting Startup Mercor Hit by Supply Chain Cyberattack Through Compromised Open-Source Project LiteLLM
Mercor, an AI recruiting startup, confirms it was impacted by a cyberattack through a supply chain compromise of LiteLLM, a widely used open-source project, affecting thousands of companies worldwide.
Mercor, a popular AI recruiting startup, confirmed it was impacted by a security incident linked to a supply chain attack on LiteLLM, a widely used open-source project. The company told TechCrunch it was one of thousands of firms affected by the recent compromise of the LiteLLM project, a compromise tied to a hacking group called TeamPCP. Lapsus$ claimed it had targeted Mercor and gained access to its data. Mercor spokesperson Heidi Hagberg confirmed the company swiftly contained and remediated the incident and is investigating with leading third-party forensics experts. The incident raised concerns because of LiteLLM's widespread adoption, with the library downloaded millions of times daily. It remains unclear how many companies were impacted or whether any data exposure occurred, as investigations continue.
Source: TechCrunch