Hustler Words – AI recruiting powerhouse Mercor has confirmed it fell victim to a sophisticated cyberattack, an incident intricately tied to a supply chain compromise within the widely utilized open-source LiteLLM project. This security breach, which the startup revealed to Hustler Words, places Mercor among potentially thousands of organizations impacted by the malicious activities of the hacking collective known as TeamPCP. The situation is further complicated by the notorious extortion group Lapsus$, which has independently claimed responsibility for targeting Mercor and allegedly exfiltrating sensitive data, adding a layer of mystery to the unfolding digital assault.
The precise connection between Lapsus$’s assertions and the TeamPCP-orchestrated LiteLLM cyberattack remains unclear, leaving investigators to untangle a complex web of digital intrusion. Mercor, established in 2023, is a significant player in the AI ecosystem, facilitating the training of advanced AI models for industry giants like OpenAI and Anthropic. The company achieves this by connecting specialized domain experts – including scientists, doctors, and legal professionals from global markets such as India – with AI development needs. With daily payouts exceeding $2 million and a staggering $10 billion valuation following a $350 million Series C funding round led by Felicis Ventures in October 2025, Mercor represents a high-value target for cybercriminals.
Heidi Hagberg, a spokesperson for Mercor, assured Hustler Words that the company initiated swift action to contain and mitigate the security incident. "We are conducting a thorough investigation supported by leading third-party forensics experts," Hagberg stated, emphasizing Mercor’s commitment to resolution. "We will continue to communicate with our customers and contractors directly as appropriate and devote the resources necessary to resolving the matter as soon as possible."
Related Post
Earlier, Lapsus$ publicly showcased alleged data samples from Mercor on its dark web leak site, which Hustler Words independently reviewed. This purported evidence included references to Slack communications, ticketing system data, and even two videos reportedly depicting interactions between Mercor’s AI systems and its network of contractors. However, Hagberg remained tight-lipped when pressed for details, declining to confirm any direct link to Lapsus$’s claims or whether any customer or contractor data had been accessed, exfiltrated, or misused.
The broader LiteLLM compromise first came to light last week, when malicious code was discovered embedded within a package associated with the Y Combinator-backed project. Although the rogue code was swiftly identified and purged within hours, the incident sent ripples across the tech community due to LiteLLM’s pervasive adoption, with its library seeing millions of downloads daily, according to security firm Snyk. This widespread exposure prompted LiteLLM to overhaul its compliance protocols, transitioning from the controversial startup Delve to Vanta for its certification needs.
As investigations continue, the full scope of companies affected by the LiteLLM-related breach, and the ultimate extent of any data exposure, remains largely undetermined. The incident serves as a stark reminder of the escalating risks inherent in the interconnected supply chains of modern software development, particularly within the rapidly evolving and high-stakes field of artificial intelligence.
Leave a Comment