“`html
Mercor AI has formally acknowledged a significant data breach after assertions from the infamous Lapsus$ hacking group that they have acquired 4 terabytes of confidential corporate data.
The occurrence, arising from a recent supply chain compromise involving the open-source LiteLLM project, has unveiled proprietary source code, internal databases, and substantial quantities of user-verification information.
The hacking group Lapsus$ has advertised Mercor’s platform data for a live auction on the dark web, urging potential buyers to “propose an offer.” The malicious actors assert that they have extracted the complete 4-terabyte dataset by infiltrating the company’s Tailscale VPN.
The extensively detailed pilfered cache allegedly contains 939GB of platform source code, a 211GB user database, and 3TB of storage buckets with video interviews and identity verification documents.
Mercor AI Official Reaction
Responding to the extortion efforts, Mercor AI published a public announcement stressing that the privacy and security of their clients and associates are their core focus. The firm clarified that the breach was a direct consequence of a prevalent supply chain assault involving the open-source routing library LiteLLM.
Mercor’s security team swiftly controlled the situation and is now performing a detailed investigation in collaboration with renowned third-party forensic specialists.
The origin of Mercor’s breach dates back to late March 2026, when an adversary known as TeamPCP compromised the PyPI publishing credentials for the LiteLLM library.
TeamPCP implanted a three-tier malicious backdoor into versions 1.82.7 and 1.82.8, intended to capture credentials and establish persistent system access. Given LiteLLM’s extensive integration into AI applications, the malware executed immediately upon installation, impacting thousands of unsuspecting organizations.
Founded in 2023, Mercor runs a highly prosperous AI recruitment platform, claiming over $500 million in revenue while connecting skilled domain experts with leading AI enterprises such as OpenAI and Anthropic.
The startup processes over $2 million in daily disbursements and now encounters substantial operational hazards due to the exposure of its contractors’ personal details.
The leakage of internal AI source code and sensitive KYC materials poses grave security risks for both the $10 billion platform and its vast user community.
Lapsus$ is a notorious cybercrime ring with a history of targeting prominent technology firms through aggressive extortion strategies. The group often employs public data leaks and dark web auctions to coerce victims into paying ransoms following failed private negotiations.
Their involvement in the Mercor AI breach underscores a recurring pattern of threat actors exploiting upstream supply chain vulnerabilities to access substantial downstream corporate datasets.
“`