Mercor Breach Linked to LiteLLM Supply-Chain Attack
bankinfosecurity
AI Dependency Attack Reportedly Exposes Data and Source Code
Michael Novinson (MichaelNovinson) • April 3, 2026

Artificial intelligence recruiting firm Mercor said it was compromised by the LiteLLM supply chain attack, making it the first confirmed downstream victim.
The Mercor breach stemmed from malicious versions of LiteLLM, a widely used LLM gateway, which had credential-stealing malware injected into its distribution. Because LiteLLM sits at a central integration point in AI systems, its compromise created a high-leverage attack vector affecting a large number of organizations simultaneously. LiteLLM routes requests between apps and more than 100 LLM providers.
"We recently identified that we were one of thousands of companies impacted by a supply chain attack involving LiteLLM," Mercor posted ...
Copyright of this story solely belongs to bankinfosecurity.

