Signal

AI startup Mercor confirms security incident linked to LiteLLM supply chain attack


Published 2026-04-01 14:42 UTC · Updated 2026-04-02 00:02 UTC
Tags: cve, exploits, breaches, malware, threat_actors, security_tooling
Evidence trail (top sources)
Mercor confirms security incident tied to LiteLLM supply chain attack
The Record (Recorded Future News) · News · therecord.media · 2026-04-01 18:58 UTC
Overview

Mercor, an AI recruiting startup, confirmed it was among thousands of companies affected by a supply chain attack involving the open-source LiteLLM project. Malicious code was injected into LiteLLM, a tool widely used to manage AI model interactions.

  • Score total: 1.05
  • Momentum 24h: 3
  • Posts: 3
  • Origins: 3
  • Source types: 1
  • Duplicate ratio: 0%
Why now
  • Mercor is the first publicly named victim, signaling wider fallout from the LiteLLM compromise.
  • Claims by hacking groups TeamPCP and Lapsus$ highlight ongoing threat actor activity.
  • The incident underscores the urgency of securing open-source AI supply chains amid growing adoption.
Why it matters
  • Supply chain attacks on open-source AI tools can impact thousands of companies downstream.
  • Compromise of AI model management tools risks exposure of sensitive data and operational disruption.
  • Early identification of victims like Mercor helps understand the scope and actors behind the attack.
LLM analysis
Topic mix: low · Promo risk: low · Source quality: medium
Recurring claims
  • Mercor was one of thousands of companies affected by the LiteLLM supply chain attack
  • Malicious code was injected into the LiteLLM open-source project used for AI model management
  • The hacking group TeamPCP is linked to the LiteLLM attack, while Lapsus$ claimed to have obtained large amounts of Mercor's data
How sources frame it
  • The Record (Recorded Future News): neutral
All evidence
AI recruiting biz Mercor says it was 'one of thousands' hit in LiteLLM supply-chain attack
The Register Security · go.theregister.com · 2026-04-02 00:02 UTC
Mercor confirms security incident tied to LiteLLM supply chain attack
The Record (Recorded Future News) · therecord.media · 2026-04-01 18:58 UTC
Top publishers (this list)
  • The Register Security (1)
  • The Record (Recorded Future News) (1)
  • SC Media (1)
Top origin domains (this list)
  • go.theregister.com (1)
  • therecord.media (1)
  • scworld.com (1)