Mercor, a prominent AI-driven recruitment startup, has acknowledged a cybersecurity breach attributed to a supply-side intrusion concerning the open-source initiative, LiteLLM.
On Tuesday, the AI firm informed TechCrunch it was “one of thousands of companies” impacted by a recent security breach involving LiteLLM’s project, which is associated with a cybercrime collective known as TeamPCP. The affirmation of this event occurred concurrently with claims from the cyber extortion group Lapsus$, asserting they had targeted Mercor and obtained unauthorized entry to its information.
It’s presently uncertain how the Lapsus$ collective acquired the exfiltrated information from Mercor in conjunction with TeamPCP’s digital assault.
Established in 2023, Mercor collaborates with firms such as OpenAI and Anthropic for AI model development, engaging highly skilled subject matter professionals like scientists, doctors, and lawyers, sourcing from regions including India. The startup claims it oversees daily disbursements exceeding $2 million and achieved a valuation of $10 billion subsequent to a $350 million Series C funding round spearheaded by Felicis Ventures in October 2025.
Heidi Hagberg, Mercor’s representative, verified with TechCrunch that the company had “acted swiftly” to mitigate and address the cyber event.
“We are undertaking a comprehensive inquiry, aided by premier external forensic specialists,” Hagberg stated. “We will maintain open dialogue with our clients and vendors directly when suitable and allocate the requisite assets to achieving a prompt resolution of the issue.”
Previously, Lapsus$ asserted accountability for the ostensible data compromise on their disclosure portal and disclosed a data excerpt purportedly extracted from Mercor, which TechCrunch examined. The snippet comprised data mentioning Slack data and what seemed like ticket management information, in addition to two videos allegedly depicting interactions between Mercor’s artificial intelligence platforms and the contracted personnel operating on it.
TechCrunch gathering
San Francisco, California
|
October 13th to 15th, 2026
Hagberg opted not to address subsequent inquiries regarding any link between the occurrence and Lapsus$’ assertions, or if any client or vendor information had been accessed, removed, or improperly utilized.
LiteLLM’s security breach initially emerged last week following the detection of harmful code within a software bundle linked to the open-source endeavor of the Y Combinator-supported startup. Although the harmful code was pinpointed and eradicated within hours, the event attracted attention because of LiteLLM’s extensive adoption across the web, as the library sees millions of daily downloads, according to cybersecurity company Snyk. This event additionally spurred LiteLLM to revise its adherence protocols, which included transitioning from the contentious startup Delve to Vanta for certification of compliance.
The exact number of firms impacted by the occurrence associated with LiteLLM remains unknown, as does whether any information leak transpired, while inquiries are ongoing.
{content}
Source: {feed_title}