AI recruiting biz Mercor says it was 'one of thousands' hit in LiteLLM supply-chain attack

AI hiring startup Mercor confirmed it was "one of thousands of companies" affected by the LiteLLM supply-chain attack as the fallout from the Trivy compromise continues to spread.

"We recently identified that we were one of thousands of companies impacted by a supply chain attack involving LiteLLM," Mercor said on social media in a Tuesday post.

"Our security team moved promptly to contain and remediate the incident," the statement continued, adding that it's conducting a "thorough investigation" with the help of third-party forensics experts, and will "devote the resources necessary to resolving the matter as soon as possible."

The company's admission follows claims by extortion crew Lapsus$, later shared on social media by researcher Dominic Alvieri, that it stole 4 TB, including 939 GB of Mercor source code, plus other data, from the AI recruiting firm, and offered to sell the purloined files to the highest bidder.

While ...