Mercor AI Breached via LiteLLM Supply Chain Attack - 4TB of Data Stolen by Lapsus$
cybersecuritydata_breachsupply_chain_attackLapsus$Mercor_AILiteLLMAIstartupVPNcredential_theftsource_code_leakpersonal_data
On March 24, 2026, Mercor AI experienced a breach attributed to the hacking group Lapsus$, stemming from a supply chain attack involving a compromised LiteLLM package. The attackers allegedly accessed internal systems, including Tailscale VPN credentials, and exfiltrated around 4TB of data—211GB of candidate records, 939GB of source code, and 3TB of video interviews and identity documents. Mercor confirmed the incident in a public statement, noting it was part of a broader LiteLLM supply chain attack and that remediation efforts were initiated.