AI recruiting startup Mercor suffered a cyberattack linked to a compromise of the open-source LiteLLM project, with an extortion group claiming responsibility for stealing company data. The incident highlights supply chain risks in open-source AI tooling and underscores the vulnerability of startups relying on third-party libraries. This breach may prompt increased scrutiny of security practices around widely used AI infrastructure components.
Background
LiteLLM is a popular open-source library for unifying multiple large language model APIs, widely used in AI applications. Supply chain attacks targeting open-source dependencies have become increasingly common in recent years.
- Source: TechCrunch
- Published: Apr 1, 2026 at 09:42 AM
- Score: 7.0 / 10