AI recruiting startup Mercor confirmed a security incident tied to a supply chain compromise of the open-source LiteLLM project, attributed to hacking group TeamPCP. Extortion group Lapsus$ claimed responsibility for the breach and shared sample data allegedly taken from Mercor. The incident highlights supply chain risk for AI companies that depend on widely used open-source LLM tooling.
Mercor says it was hit by cyberattack tied to compromise of open-source LiteLLM project
Compromise of the widely used open-source LiteLLM library gives extortion group Lapsus$/TeamPCP backdoor access to Mercor and potentially dozens of downstream AI companies.
Wednesday, April 1, 2026 12:00 PM UTC | 2 min read | Source: TechCrunch | By sys://pipeline