Mercor $10B Data Breach via LiteLLM Supply Chain Attack
Is this a scandal?
No longer — the story has resolved. Noise 1/100, cooling down, across 0 sources.
Regulatory bodies are likely to mandate stricter 'Software Bill of Materials' (SBOM) requirements for AI companies to track deep dependencies. We can also expect a shift toward 'air-gapped' or highly restricted environments for AI coding assistants to prevent them from accessing production secrets.
Noise 1/100 — louder than 90% of tracked AI controversies.
Why it matters
This incident highlights the catastrophic vulnerability of AI supply chains and the permanent risk of biometric data theft in the industry.
Key points
- Hackers compromised Aqua Security's Trivy scanner to hijack the LiteLLM open-source proxy project.
- A malicious version of LiteLLM (v1.82.8) was uploaded to PyPI, using a .pth file to auto-execute malware upon Python startup.
- Mercor lost 4TB of data, including 3TB of biometric video interviews and KYC documents used for identity verification.
- The breach is linked to developers using an AI coding assistant (Claude) with unrestricted system permissions.
- The stolen data is currently being auctioned by the Lapsus$ hacking group, posing a permanent identity theft risk.
The story
Mercor, an AI talent platform valued at $10 billion, has suffered a massive data breach affecting 4TB of sensitive data, including biometric face and voice recordings. The breach originated from a sophisticated supply chain attack targeting the popular open-source project LiteLLM. Attackers from the group TeamPCP initially compromised the Trivy security scanner by Aqua Security to gain credentials, which were then used to upload a malicious version of LiteLLM (v1.82.8) to PyPI. The malware utilized a hidden .pth file to execute code immediately upon Python startup, harvesting SSH keys and cloud tokens. Reports suggest Mercor developers inadvertently facilitated the breach by providing production credentials to an AI coding assistant running with elevated permissions. The stolen data, which includes source code and identity verification documents for 30,000+ contractors, is currently being auctioned by the Lapsus$ hacking group.
Who's involved
The threat actor responsible for the initial compromise of the Trivy security scanner and the poisoning of LiteLLM.
The hacking group currently auctioning the stolen 4TB of Mercor data on the dark web.
The victimized AI startup currently facing a massive data exfiltration crisis and potential legal liabilities.
The provider of the Trivy scanner which served as the initial entry point for the attack chain.
The open-source developers whose project was hijacked to distribute malware via PyPI.
Noise Level
The timeline
Lapsus$ Auction Begins
The hacking group lists the stolen Mercor database, source code, and biometric files for sale.
Mercor Data Exfiltration
Malware leverages developer AI assistant permissions to exfiltrate 4TB of data to a spoofed domain.
LiteLLM Poisoned on PyPI
Version 1.82.8 of LiteLLM is uploaded with a malicious .pth payload that harvests credentials.
Trivy Scanner Compromised
TeamPCP gains access to credentials through Aqua Security's Trivy tool.
The full record
What's being under-reported
No defender-side coverage yet
The critic side is sourced here; no defending voice has been captured yet.
- Coverage: 0 social posts, 0 news-outlet items.
- Voices: 2 critics, 0 defenders.
The forecast
Regulatory bodies are likely to mandate stricter 'Software Bill of Materials' (SBOM) requirements for AI companies to track deep dependencies. We can also expect a shift toward 'air-gapped' or highly restricted environments for AI coding assistants to prevent them from accessing production secrets.
Forecast, not fact — an editorial estimate we score when this resolves.
That's the complete picture as of — nothing more to know right now. We'll update this page the moment it changes.
Join the Discussion
Discuss this story
Community comments coming in a future update
Be the first to share your perspective. Subscribe to comment.