Media reports indicate Mercor was among thousands of firms affected by the compromise of LiteLLM, attributed to a hacking group called TeamPCP.
The extortion group Lapsus$ has claimed responsibility, publishing stolen data samples on its leak site, according to TechCrunch. These included Slack messages, internal ticket records, and two videos showing Mercor’s AI interacting with contractors. However, it remains unclear how Lapsus$ obtained Mercor’s data during the attack.
Mercor said the malicious code was swiftly detected and removed. Nevertheless, the breach drew attention because LiteLLM is widely used, with millions of daily downloads, said TechCrunch, citing security firm Snyk.
LiteLLM has since strengthened its compliance measures, switching from the now-controversial compliance startup Delve to Vanta for certifications.
Founded in 2023, Mercor connects companies, including OpenAI, Meta, and Anthropic, with domain experts such as scientists, doctors, and lawyers, primarily from India. The platform processes more than $2 million in daily payouts.
Mercor was valued at $10 billion after a $350 million Series C round led by Felicis Ventures in October last year.
Following the breach, Meta has paused its work with Mercor and is investigating, with no timeline for resuming collaboration, according to Wired. Other AI firms are reviewing their engagements while the scope of the incident is assessed.
“Our security team moved promptly to contain and remediate the incident,” Mercor said, as quoted by Business Insider. “We are conducting a thorough investigation supported by leading third-party forensic experts.”
Security analysts warn Mercor may be an early target in a wave of extortion attempts stemming from the LiteLLM compromise. TeamPCP has said it plans to collaborate with ransomware groups to target affected companies more broadly, according to cybersecurity trade publication Cybernews. If implemented, this would follow patterns seen in prior large-scale cyberattacks.