Mercor confirms security incident tied to LiteLLM supply chain attack
On Wednesday, a platform that helps AI industry leaders improve their models confirmed a security incident tied to a recent supply chain attack.
The startup, Mercor, was one of thousands of firms to be impacted by the security compromise of the open-source effort LiteLLM, according to a company statement.
Mercor is a popular recruiting outfit that works with companies including OpenAI to hire experts and train AI models. As of October 2025, the company was reportedly valued at $10 billion.
“The privacy and security of our customers and contractors is foundational to everything we do at Mercor,” Mercor spokesperson Heidi Hagberg said in a statement. “Our security team moved promptly to contain and remediate the incident.”
Mercor is conducting an investigation with the help of outside forensics experts, the statement added.
TechCrunch was first to report Mercor’s confirmation of the security incident.
Although the LiteLLM attack was reportedly tied to a group called TeamPCP, the hacking gang Lapsus$ claimed on its website that it obtained hundreds of gigabytes of Mercor’s data.
Hagberg did not immediately respond to questions about Lapsus$’s claims.
LiteLLM confirmed the hack on its systems last week, saying it was “investigating a suspected supply chain attack involving unauthorized PyPI package publishes.” The open-source project said evidence indicated that a user’s PyPI account may have been “compromised and used to distribute malicious code.”
A clean version of LiteLLM was released Monday, according to a LiteLLM security post.
Jonathan Greig contributed reporting.
Suzanne Smalley is a reporter covering digital privacy, surveillance technologies and cybersecurity policy for The Record. She was previously a cybersecurity reporter at CyberScoop. Earlier in her career Suzanne covered the Boston Police Department for the Boston Globe and two presidential campaign cycles for Newsweek. She lives in Washington with her husband and three children.



