Mercor has confirmed a supply chain attack on its open-source project LiteLLM. The incident affects downstream ecosystems, including thousands of enterprises, and has become a major recent risk event in AI infrastructure security.

Mercor, a well-known artificial intelligence recruitment company valued at $1 billion, revealed on Tuesday that malicious code had been injected into its core project LiteLLM, with the source of the attack pointing to the hacker group TeamPCP. Meanwhile, the ransom group Lapsus$ claimed to have stolen Mercor's internal data and publicly released sample data, including Slack communication records, screenshots of ticket systems, and video recordings of AI system conversations. Mercor has hired third-party forensic experts to investigate and has taken rapid containment and remediation measures, but has not yet directly addressed the details of the ransom demands from Lapsus$.

At the center of the incident is the widely used LiteLLM open-source library. The project, which is downloaded millions of times a day, aims to simplify how developers call the APIs of mainstream models such as those from OpenAI and Anthropic. Although the malicious code was identified and removed within a few hours, the library's wide reach as an upstream supply chain component has triggered a deep industry review of the compliance of open-source tools.

In response, LiteLLM has urgently switched its compliance certification agency to Vanta. Mercor, a leading company in the industry, raised $350 million in its Series C financing round and processes over $2 million in payments daily. This security shock reflects the fragility of the AI industry's security foundations amid rapid expansion, which has become a key variable affecting model training and talent recruitment cycles. The industry urgently needs to establish stricter monitoring of open-source components.