LiteLLM Supply Chain Attack Hit Thousands of AI Companies — Mercor Confirms Data Breach

A serious supply chain attack targeting the widely-used LiteLLM AI library has affected thousands of organizations. AI recruiting platform Mercor has now confirmed it is among the victims.

The attack was carried out by hacking group TeamPCP on March 24, 2026. The group compromised LiteLLM's PyPI publishing credentials and released two malicious versions of the library (1.82.7 and 1.82.8) to the Python package index. The packages contained a three-stage malicious payload designed to harvest credentials, attempt lateral movement across Kubernetes clusters, and install a persistent backdoor.

Although the malicious versions were only available for approximately 40 minutes, they were automatically downloaded by thousands of organizations using LiteLLM in their AI pipelines.

Mercor, an AI recruiting company working with clients including Meta, Apple, and Amazon, confirmed it was affected. Hacking group Lapsus$ claims to have stolen four terabytes of data from Mercor — including candidate profiles, personally identifiable information, employer data, internal Slack communications, and proprietary training datasets from major AI companies.

Mercor says its security team responded quickly and has engaged third-party forensics experts to investigate the scope of the breach. LiteLLM has since released a clean version (v1.83.0) with enhanced CI/CD security measures.

Organizations that installed LiteLLM via pip between 10:39 and 16:00 UTC on March 24, or had unpinned dependencies that pulled in the compromised versions, are advised to immediately rotate all credentials and audit their environments for compromise.