Mercor says it was hit by cyberattack tied to compromise of open-source LiteLLM project

Mercor's Cybersecurity Incident

Mercor, a prominent AI recruiting startup, has acknowledged experiencing a security breach associated with a supply chain attack linked to the open-source project LiteLLM.

In a statement to TechCrunch on Tuesday, the company clarified that it was “one of thousands of companies” impacted by a recent compromise of the LiteLLM project, which involves the hacking collective known as TeamPCP. This announcement coincides with claims from the extortion group Lapsus$, stating that it had targeted Mercor and successfully accessed sensitive data from its systems.

The precise methodology employed by the Lapsus$ group to obtain the stolen data from Mercor during the TeamPCP cyberattack remains uncertain.

Founded in 2023, Mercor partners with respected organizations such as OpenAI and Anthropic to refine AI models by contracting specialized domain experts, including scientists, physicians, and legal professionals. The startup facilitates transactions exceeding $2 million daily and achieved a valuation of $10 billion after securing $350 million in a Series C funding round led by Felicis Ventures in October 2025.

Heidi Hagberg, a spokesperson for Mercor, confirmed the company's rapid response to address and remediate the security incident.

“We are conducting a thorough investigation supported by leading third-party forensics experts,” stated Hagberg. “We will continue to communicate with our customers and contractors directly as appropriate and devote the resources necessary to resolving the matter as soon as possible.”

Previously, Lapsus$ had claimed responsibility for the data breach on its leak site, where it released a sample of the allegedly stolen information, which comprised materials that included references to Slack communications, ticketing data, and videos depicting interactions between Mercor’s AI systems and its contractors.

This incident highlights persistent vulnerabilities within the technology sector, indicating that even well-established companies remain susceptible to cybersecurity breaches.