Mercor startup attacked via vulnerability in open-source project LiteLLM

AI-recruiting startup Mercor has confirmed a cyberattack and data breach after a hacker group specializing in extortion claimed responsibility for the penetration of the company's systems. Of particular concern is the attack vector: the attackers exploited the compromise of a popular open-source project LiteLLM — a tool that a significant portion of modern AI infrastructure relies on. LiteLLM is a widely used open-source library that serves as a universal proxy gateway for working with language models from different providers: OpenAI, Anthropic, Google, Mistral, Cohere, and dozens of others.

The tool has gained popularity among technology startups and corporate AI teams for its ability to unify requests to different LLMs through a single API, manage key rotation, and maintain centralized logging of requests. This position in the infrastructure — between the application and language models, with access to API keys and user data — makes LiteLLM particularly attractive as a target for attackers. The compromise of such a component goes far beyond an incident at a single company.

This is a supply chain attack: any project using the vulnerable version of LiteLLM was potentially at risk. At the time of publication, it remains unknown how many other organizations may have been affected by the same compromise. Mercor is an American AI startup specializing in recruiting technical specialists using artificial intelligence.

The platform uses language models to automate candidate skills assessment, conduct structured interviews, and match specialists with open positions at AI-focused companies. By the nature of its operations, Mercor's systems store highly sensitive information: resumes and professional profiles of thousands of job seekers, results of technical assessments, salary expectation data, as well as information about hiring companies and their staffing needs. The group claiming responsibility for the attack operates according to a well-established double extortion model: the victim is given an ultimatum — pay the ransom or lose control of stolen information.

Unlike classic ransomware attacks where a company loses access to its own files, this scheme exploits fear of regulatory sanctions and reputational damage. For a platform working with candidate personal data, a public leak could trigger investigations by regulators and irreversible loss of user trust. Mercor confirmed the incident, but the company has not yet disclosed the scope of stolen data or the attackers' demands.

The incident exposes a systemic problem in the modern AI sector: the dependence of hundreds of companies on the same set of open-source tools — LiteLLM, LangChain, LlamaIndex, Transformers. Reuse of the common stack accelerates development but creates concentrated risk: the compromise of one popular component simultaneously affects the entire ecosystem of its users. Attacks on open-source projects are becoming increasingly targeted: attackers analyze dependency graphs, study the library's user ecosystem, and select an entry point with maximum coverage of victims.

For companies building AI products based on open-source proxy tools with access to API keys and user data, the Mercor case is a direct signal: regular dependency audits, monitoring of security updates, and isolation of privileged infrastructure components should become a standard, not an item on a perpetually deferred list.