Mercor says it was hit by cyberattack tied to compromise of open source LiteLLM project
Summary
Mercor, an AI recruiting startup, confirms a security incident tied to a supply chain attack on the LiteLLM open-source project, linked to the TeamPCP operation and extortion group Lapsus$. The breach involved data samples reportedly including Slack data and ticketing information, with ongoing investigations and implications for AI tooling and open-source software security.