Mercor Confirms It Was Among Thousands Affected in Massive LiteLLM Security Breach
Mercor confirmed it was “one of thousands of companies” hit by the LiteLLM supply‑chain attack, saying its security team moved quickly to contain the breach, The Register reports.
Key Facts
- Key company: Mercor
Mercor said it has engaged third‑party forensics experts to investigate the breach, according to a statement posted on its social channels and reported by The Register. The firm’s security team “moved promptly to contain and remediate the incident,” the company added, emphasizing that resources are being devoted to resolve the matter quickly.
The breach follows claims by extortion group Lapsus$ that it exfiltrated roughly 4 TB of data, including 939 GB of Mercor’s source code, and is seeking a buyer for the files, The Register reported. Lapsus$ allegedly accessed the data through the LiteLLM supply‑chain compromise that affected thousands of downstream users.
Wiz researchers warned that high‑profile extortion groups like Lapsus$ are now collaborating with the TeamPCP crew, which is believed to be behind the Trivy and LiteLLM attacks, The Register added. TeamPCP has also been linked to a recent intrusion of Cisco’s internal development environment, where source code was stolen via credentials harvested in the Trivy attack.
Mercor, a $10 billion AI‑data startup that supplies training data to firms such as Anthropic, OpenAI and Meta, confirmed the incident to Fortune. The company said the breach could have exposed “sensitive company and user data,” and reiterated its commitment to customer privacy while the investigation proceeds.
The supply‑chain attack on LiteLLM, a widely used open‑source library for connecting applications to AI services, remains under active scrutiny, with multiple victims expected as the fallout from the Trivy compromise spreads, according to both The Register and Fortune.
Reporting based on verified sources and public filings. Sector HQ editorial standards require multi-source attribution.