April 3, 2026

Artificial Intelligence Firm Mercor Hacked, 4TB of Data Stolen

Vaibhav April 3, 2026
Artificial-Intelligence-Firm-Mercor-Hacked-4TB-of-Data-Stolen
Post Views: 10

Mercor Breached by Hackers in High-Profile Supply Chain Attack

Artificial intelligence (AI) firm Mercor has fallen victim to a sophisticated cyberattack linked to a compromised open-source tool called LiteLLM.

Sophisticated Cyberattack Details

  • The breach, which occurred in late March 2026, resulted in hackers accessing sensitive data and internal systems, including candidate profiles, personally identifiable information, and technical assets such as source code, API keys, and secrets.
  • The incident is part of a large-scale supply chain attack that impacted thousands of organizations globally.
  • Supply chain attacks work by inserting malicious code into widely used software, allowing attackers to compromise multiple targets at once through trusted dependencies.
  • In this case, the compromised LiteLLM PyPI package versions 1.82.7 and 1.82.8 were available for approximately 40 minutes before being detected.
According to Research by Snyk, LiteLLM is used in roughly 36% of cloud environments, indicating the potential reach of the breach.

The compromised packages were published by the TeamPCP group, which used compromised maintainer credentials to execute the attack.

Mercor’s Response

  • Mercor’s prompt response to the incident included containing and remediating the breach, as well as bringing in third-party forensics experts to investigate.
The situation took a turn when the Lapsus$ extortion group listed Mercor on its leak site, claiming to possess 4TB of stolen data.

This claim, however, has not been independently verified, and Mercor has not confirmed the scope or authenticity of the alleged leak.

Implications and Conclusion

The incident serves as a stark reminder of the importance of maintaining robust security measures, particularly in the context of supply chain risks.

As the investigation into the breach continues, the incident highlights the ease with which a brief supply chain compromise can cascade across widely used software dependencies, affecting thousands of organizations within minutes.

The containment efforts underway serve as a crucial reminder of the importance of vigilance and proactive measures in preventing and responding to such incidents.

Mercor’s Significance

  • Mercor’s value as a key player in the tech industry, helping companies like OpenAI and Anthropic find experts to aid in AI system training, makes it a prime target for such attacks.
  • The company’s recent valuation of $10 billion following a $350 million funding round further underscores its significance.



About Author

Vaibhav

See author's posts

More Stories

ShinyHunters-Issues-Final-Warning-to-Cisco-Over-Alleged-Data-Breach

ShinyHunters Issues Final Warning to Cisco Over Alleged Data Breach

Vaibhav April 3, 2026
How-AI-Revolutionizes-Web-Traffic-Forever

How AI Revolutionizes Web Traffic Forever

Vaibhav April 3, 2026
Artificial-Intelligence-Security-Conference-2026

Artificial Intelligence Security Conference 2026

Vaibhav April 3, 2026

Latest Cyber Security News

Hims-Hers-Experiences-Data-Breach-Following-Zendesk-Support-Ticket-Incident

Hims & Hers Experiences Data Breach Following Zendesk Support Ticket Incident

Vaibhav April 3, 2026
North-Korea-Uses-GitHub-for-Cyber-Espionage-Against-South-Korean-Companies

North Korea Uses GitHub for Cyber Espionage Against South Korean Companies

Vaibhav April 3, 2026
Unauthenticated-File-Exfiltration-Vulnerabilities-Found-in-Progress-ShareFile

Unauthenticated File Exfiltration Vulnerabilities Found in Progress ShareFile

Vaibhav April 3, 2026
ShinyHunters-Issues-Final-Warning-to-Cisco-Over-Alleged-Data-Breach

ShinyHunters Issues Final Warning to Cisco Over Alleged Data Breach

Vaibhav April 3, 2026
German-Left-Party-Data-Breach-Exposed-by-Qilin-Ransomware-Attack

German Left Party Data Breach Exposed by Qilin Ransomware Attack

Vaibhav April 3, 2026
en_USEnglish
en_USEnglish