# Mercor confirms supply-chain cyberattack tied to LiteLLM compromise

_Friday, June 26, 2026 at 6:22 PM EDT · Cybersecurity · Latest · Tier 2 — Notable_

![Mercor confirms supply-chain cyberattack tied to LiteLLM compromise — Primary](https://tech-insider.org/wp-content/uploads/2026/06/mercor-litellm-supply-chain-attack-2026.webp)

Mercor confirmed on March 31, 2026, that it had been hit by a cascading supply-chain cyberattack tied to the compromise of LiteLLM, an open-source AI gateway library downloaded roughly 95 million times per month. The company told TechCrunch it was one of thousands of organizations affected.

A post-mortem published by security firm Halborn stated that attackers exfiltrated approximately 4 terabytes of internal data. The material included Slack archives, source code, ticketing logs, contractor passport scans, Social Security numbers, and interview recordings.

The LiteLLM compromise had surfaced roughly a week earlier, in March, after researchers spotted malicious code in a package. The attack chain started with the compromise of Trivy, an open-source vulnerability scanner, which was then used to insert malicious code into a LiteLLM package. The poisoned package was removed within hours.

Mercor is a Y Combinator-backed AI talent marketplace that connects domain experts with labs training frontier models for OpenAI, Anthropic, Meta, and Google. The exfiltrated data includes personally identifiable information for more than 40,000 contractors.

An extortion crew identified as TeamPCP appeared to be behind the LiteLLM intrusion, while the Lapsus$ group claimed it had obtained Mercor's data. LiteLLM, maintained by BerriAI, gives developers a unified interface to more than 100 LLM providers. In response, the maintainers moved security tooling to Vanta, formalized signed releases, and tightened contributor vetting.

## Sources

- [Tech Insider](https://tech-insider.org/mercor-litellm-supply-chain-attack-2026/)

---
Canonical: https://techandbusiness.org/newswire/WMYow9Ig064KslncDNzPB2
Retrieved: 2026-06-27T04:14:32.657Z
Publisher: Tech & Business (techandbusiness.org)
