A cyberattack on the AI recruiting startup Mercor has exposed sensitive data from clients including OpenAI, Anthropic, and Meta, highlighting critical vulnerabilities in the software supply chain that underpins the booming artificial intelligence industry. The breach, which Mercor confirmed on Wednesday, originated from malicious code planted in LiteLLM, a popular open-source tool used by thousands of companies to connect with large language models. The incident puts Mercor’s $10 billion valuation under pressure and raises questions about the security of the entire AI development ecosystem.
"The privacy and security of our customers and contractors is foundational to everything we do at Mercor," company spokesperson Heidi Hagberg said in a statement to Fortune. Hagberg confirmed the company was "one of thousands" affected by the LiteLLM compromise and has engaged third-party forensics experts to investigate the breach after moving promptly to contain it.
The attack was initiated by the hacking group TeamPCP, which injected credential-stealing malware into two versions of the LiteLLM Python package on March 27, according to security firm Snyk. Although the malicious packages were removed from the PyPI repository within hours, that window was long enough to cause widespread damage. Subsequently, the notorious extortion gang Lapsus$ claimed responsibility for the Mercor breach, posting on its leak site that it had exfiltrated over 4 terabytes of data. The stolen data allegedly includes source code, database records, Slack communications, and video recordings of platform interactions. It remains unclear whether TeamPCP, known for supply chain attacks, collaborated with the extortion-focused Lapsus$ group, though security researchers at Wiz have noted a "dangerous convergence" between such groups.
The breach strikes at the heart of Mercor's business, which connects specialized domain experts with AI firms that need high-quality data for training models. Founded in 2023, the startup saw rapid growth, facilitating over $2 million in daily payouts and securing a $350 million Series C funding round in October 2025, led by Felicis Ventures. The compromise of its systems could expose proprietary data from its partners, including industry leaders like OpenAI and Anthropic, and the personal and financial information of its contractors.
A Systemic Risk for the AI Supply Chain
The Mercor incident is a stark example of a supply-chain attack, where a single compromised component can create a cascading failure across an entire industry. LiteLLM, the open-source library at the center of the attack, is used by an estimated 36% of cloud environments to streamline AI operations. The breach demonstrates how dependent the fast-moving AI industry has become on a concentrated set of open-source tools, creating single points of failure that can be exploited at scale.
For investors, the attack serves as a critical reminder of the operational risks embedded in high-growth tech companies. While Mercor's $10 billion valuation was built on its central role in the AI economy, that same position now makes it a high-value target and exposes it to systemic threats. The fallout could lead to increased scrutiny from clients and regulators, potentially slowing Mercor's growth trajectory. The incident will likely force a sector-wide reassessment of open-source software security, pushing companies to invest in more robust vendor risk management and dependency scanning, which could increase operational costs and lengthen development cycles across the industry. The stock prices of cybersecurity firms specializing in software supply chain security, such as Snyk and Checkmarx, may see increased interest as a result.