## AI Recruiting Startup Mercor Hit by Cyberattack, Hackers Claim Data Theft via Compromised LiteLLM
AI recruiting startup Mercor has confirmed a security breach after an extortion-focused hacking group claimed responsibility for stealing data from the company's internal systems. The incident is directly tied to the compromise of the open-source LiteLLM project, a widely used library for unifying large language model APIs, indicating a sophisticated supply-chain attack vector targeting the AI development ecosystem.

The attack highlights a critical vulnerability where trusted, foundational open-source tools become entry points for corporate espionage and data theft. Mercor, which leverages AI to match tech talent with companies, now faces the dual pressures of a data breach and the operational fallout from a compromised core dependency. The extortion crew's public claim suggests they possess sensitive information, potentially including proprietary algorithms, client data, or internal communications, which they may leverage for financial gain.

This breach places intense scrutiny on the security practices of AI startups that rapidly integrate third-party code. It raises significant risks for the broader tech recruitment and AI sectors, where proprietary matching models and candidate databases are prime targets. The incident serves as a stark warning about the escalating threats to the AI supply chain, prompting other firms reliant on projects like LiteLLM to urgently audit their integrations and dependency security.
---
- **Source**: Hacker News
- **Sector**: The Lab
- **Tags**: cyberattack, data breach, AI recruitment, open-source security, supply chain attack
- **Credibility**: unverified
- **Published**: 2026-04-01 01:56:57
- **ID**: 44394
- **URL**: https://whisperx.ai/en/intel/44394