Outlook Business Desk
Mercor, an AI startup that provides data to OpenAI and Anthropic, has disclosed a security incident that could have compromised sensitive company and user information. The breach, which reportedly involved malicious code, has raised concerns over cybersecurity vulnerabilities across the broader artificial intelligence (AI) ecosystem.
According to a TechCrunch report, the breach traces back to a supply chain attack involving LiteLLM, an open-source tool developers use to connect applications with artificial intelligence services. However the company has confirmed it was among thousands of companies affected by this compromise.
A hacking group known as TeamPCP reportedly targeted LiteLLM by embedding malicious code into the software. As per the reports, this enabled attackers to capture and extract user credentials from developers who had integrated the tool into their systems across the industry.
A separate cybercrime group, Lapsus$, known for its extortion tactics, has also claimed responsibility for targeting Mercor. However, according to reports, it is still unclear whether the group was directly involved in the LiteLLM attack or accessed the data on its own.
Lapsus$ shared sample data allegedly taken from Mercor, which included references to Slack communications and internal ticketing systems. The group also released two videos that appeared to show interactions between Mercor’s AI systems and contractors on its platform.
Although the malicious code in LiteLLM was removed within hours, but its widespread use meant the breach spread quickly across several organisations, increasing both the scale and the potential impact of the incident.
Mercor said it moved quickly to contain the incident and has launched a third-party forensic investigation. However, the company has not confirmed whether any customer or contractor data was misused or if the Lapsus$ claims are directly linked.