A Mercor cyberattack has been confirmed, directly linked to a significant compromise within the open-source LiteLLM project, as first reported by TechCrunch. The AI recruiting startup, valued at $10 billion, became a victim of an extortion hacking group known as TeamPCP, who claimed to have exfiltrated sensitive data from Mercor’s systems.
Mercor, an American artificial intelligence (AI) hiring startup founded in 2023 by Brendan Foody, Adarsh Hiremath, and Surya Midha, specializes in connecting experts across various fields—from engineers and lawyers to doctors and journalists—to train AI models for major clients like OpenAI and Anthropic. The company’s rapid ascent saw its three 22-year-old founders achieve self-made billionaire status after a hefty Series C funding round in October 2025.
The LiteLLM Vulnerability Explained
The core of the incident lies with LiteLLM, a widely adopted open-source Python library. It acts as a crucial unified interface for over 100 Large Language Models (LLMs) from providers such as OpenAI, Anthropic, Google Gemini, and Mistral. Developers rely on LiteLLM to simplify API management, error handling, and model switching, and it can also function as a proxy server to centralize LLM requests, making it a high-value target for malicious actors.
“The compromise of LiteLLM represents a critical supply chain attack, exposing potentially vast arrays of API keys and cloud credentials across numerous organizations relying on the unified LLM interface.”
TeamPCP, the threat actor group, executed a sophisticated supply chain attack. They compromised LiteLLM’s PyPI publishing credentials and subsequently released two malicious versions of the library (1.82.7 and 1.82.8) on March 24, 2026. These compromised versions harbored a three-stage payload designed specifically for credential harvesting, enabling lateral movement within Kubernetes environments, and establishing a persistent backdoor for remote code execution. The malicious code aggressively targeted sensitive data, including cloud platform credentials, SSH keys, Kubernetes secrets, and environment variables, encrypting and exfiltrating the stolen information to an attacker-controlled server.
Timeline of the Mercor Cyberattack
The broader campaign by TeamPCP reportedly began on March 19, 2026, with the compromise of the Trivy security scanner. Just five days later, on March 24, 2026, the malicious LiteLLM versions were published to PyPI, which promptly quarantined the project upon discovery. The full impact on Mercor came to light on March 31, 2026, when TechCrunch confirmed the company was indeed affected by this far-reaching cyberattack. This incident underscores the escalating risks within the open-source software supply chain, particularly for high-growth tech firms like Mercor.
Implications for AI and Open-Source Security
The attackers’ motivation was clear: to steal credentials and sensitive data. LiteLLM’s role as a central hub for various LLM providers made it an exceptionally attractive target. A successful compromise, as seen with the Mercor cyberattack, could expose a wealth of critical API keys and cloud credentials across a wide spectrum of organizations utilizing the library. The attack’s sophistication, employing hidden payloads, aggressive delivery methods, and encryption, highlights the evolving tactics of cybercriminals seeking to evade detection and exploit vulnerabilities in widely used software. This event serves as a stark reminder for all companies leveraging open-source components to bolster their security protocols and remain vigilant against supply chain threats. For more insights on digital security, explore our related Tech news.
The incident involving the Mercor cyberattack and LiteLLM compromise is a critical case study in the vulnerabilities present in the modern software ecosystem. It emphasizes the need for robust security audits and continuous monitoring, especially for open-source projects that form the backbone of many advanced AI applications. Companies, regardless of size, must prioritize supply chain security to protect their invaluable data and maintain operational integrity in an increasingly interconnected digital landscape.




