
Mercor says it was hit by cyberattack tied to compromise of open-source LiteLLM project

Mercor, a popular AI recruiting startup, has confirmed a security incident linked to a supply chain attack involving the open-source project LiteLLM.

The AI startup told information.killnetswitch on Tuesday that it was “one of hundreds of companies” affected by a recent compromise of LiteLLM’s project, which was linked to a hacking group called TeamPCP. Confirmation of the incident comes as extortion hacking group Lapsus$ claimed it had targeted Mercor and gained access to its data.

It’s not immediately clear how the Lapsus$ gang obtained the stolen data from Mercor as part of TeamPCP’s cyberattack.

Founded in 2023, Mercor works with companies including OpenAI and Anthropic to train AI models by contracting specialized domain experts such as scientists, doctors, and lawyers from markets including India. The startup says it facilitates more than $2 million in daily payouts and was valued at $10 billion following a $350 million Series C round led by Felicis Ventures in October 2025.


Mercor spokesperson Heidi Hagberg confirmed to information.killnetswitch that the company had “moved promptly” to contain and remediate the security incident.

“We’re conducting a thorough investigation supported by leading third-party forensics experts,” said Hagberg. “We’ll continue to communicate with our customers and contractors directly as appropriate and dedicate the resources necessary to resolving the matter as soon as possible.”

Earlier, Lapsus$ claimed responsibility for the apparent data breach on its leak site and shared a sample of data allegedly taken from Mercor, which information.killnetswitch reviewed. The sample included material referencing Slack data and what appeared to be ticketing data, as well as two videos purportedly showing conversations between Mercor’s AI systems and contractors on its platform.


Hagberg declined to answer follow-up questions about whether the incident was connected to claims by Lapsus$, or whether any customer or contractor data had been accessed, exfiltrated, or misused.


The compromise of LiteLLM initially surfaced last week after malicious code was discovered in a package associated with the Y Combinator-backed startup’s open-source project. While the malicious code was identified and removed within hours, the incident drew scrutiny due to LiteLLM’s widespread use across the web, with the library downloaded hundreds of thousands of times per day, per security firm Snyk. The incident also prompted LiteLLM to make changes to its compliance processes, including shifting from controversial startup Delve to Vanta for compliance certifications.

It remains unclear how many companies were affected by the LiteLLM-related incident or whether any data exposure occurred, as investigations continue.
