Esc
SafetyCase Closed

Mercor $10B Data Breach via LiteLLM Supply Chain Attack

Is this a scandal?

No longer — the story has resolved. Noise 1/100, cooling down, across 0 sources.

SCAND-48523as of Methodology
Cite this incident"Mercor $10B Data Breach via LiteLLM Supply Chain Attack." SCAND.Ai incident SCAND-48523, noise 1/100 as of July 13, 2026. https://scand.ai/scandal/mercor-litellm-data-breach-analysis
FORECASTForecast, not fact

Regulatory bodies are likely to mandate stricter 'Software Bill of Materials' (SBOM) requirements for AI companies to track deep dependencies. We can also expect a shift toward 'air-gapped' or highly restricted environments for AI coding assistants to prevent them from accessing production secrets.

1

Noise 1/100 — louder than 90% of tracked AI controversies.

AI-assisted analysis · How we work

Why it matters

This incident highlights the catastrophic vulnerability of AI supply chains and the permanent risk of biometric data theft in the industry.

Key points

  1. Hackers compromised Aqua Security's Trivy scanner to hijack the LiteLLM open-source proxy project.
  2. A malicious version of LiteLLM (v1.82.8) was uploaded to PyPI, using a .pth file to auto-execute malware upon Python startup.
  3. Mercor lost 4TB of data, including 3TB of biometric video interviews and KYC documents used for identity verification.
  4. The breach is linked to developers using an AI coding assistant (Claude) with unrestricted system permissions.
  5. The stolen data is currently being auctioned by the Lapsus$ hacking group, posing a permanent identity theft risk.

The story

Mercor, an AI talent platform valued at $10 billion, has suffered a massive data breach affecting 4TB of sensitive data, including biometric face and voice recordings. The breach originated from a sophisticated supply chain attack targeting the popular open-source project LiteLLM. Attackers from the group TeamPCP initially compromised the Trivy security scanner by Aqua Security to gain credentials, which were then used to upload a malicious version of LiteLLM (v1.82.8) to PyPI. The malware utilized a hidden .pth file to execute code immediately upon Python startup, harvesting SSH keys and cloud tokens. Reports suggest Mercor developers inadvertently facilitated the breach by providing production credentials to an AI coding assistant running with elevated permissions. The stolen data, which includes source code and identity verification documents for 30,000+ contractors, is currently being auctioned by the Lapsus$ hacking group.

Who's involved

Critic
TeamPCP

The threat actor responsible for the initial compromise of the Trivy security scanner and the poisoning of LiteLLM.

Critic
Lapsus$

The hacking group currently auctioning the stolen 4TB of Mercor data on the dark web.

Neutral
Mercor

The victimized AI startup currently facing a massive data exfiltration crisis and potential legal liabilities.

Neutral
Aqua Security

The provider of the Trivy scanner which served as the initial entry point for the attack chain.

Neutral
LiteLLM Maintainers

The open-source developers whose project was hijacked to distribute malware via PyPI.

Join the Discussion

Discuss this story

Community comments coming in a future update

Be the first to share your perspective. Subscribe to comment.

Noise Level

Quiet1?Noise Score (0–100): how loud a controversy is. Composite of reach, engagement, star power, cross-platform spread, polarity, duration, and industry impact — with 7-day decay.
Decay: 5%
Reach
0
Engagement
0
Star Power
25
Duration
0
Cross-Platform
0
Polarity
85
Industry Impact
95

The timeline

  1. Lapsus$ Auction Begins

    The hacking group lists the stolen Mercor database, source code, and biometric files for sale.

  2. Mercor Data Exfiltration

    Malware leverages developer AI assistant permissions to exfiltrate 4TB of data to a spoofed domain.

  3. LiteLLM Poisoned on PyPI

    Version 1.82.8 of LiteLLM is uploaded with a malicious .pth payload that harvests credentials.

  4. Trivy Scanner Compromised

    TeamPCP gains access to credentials through Aqua Security's Trivy tool.

The full record

What's being under-reported

No defender-side coverage yet

The critic side is sourced here; no defending voice has been captured yet.

  • Coverage: 0 social posts, 0 news-outlet items.
  • Voices: 2 critics, 0 defenders.

The forecast

Regulatory bodies are likely to mandate stricter 'Software Bill of Materials' (SBOM) requirements for AI companies to track deep dependencies. We can also expect a shift toward 'air-gapped' or highly restricted environments for AI coding assistants to prevent them from accessing production secrets.

Forecast, not fact — an editorial estimate we score when this resolves.

You're up to date

That's the complete picture as of — nothing more to know right now. We'll update this page the moment it changes.