Mercor, AI Recruiting Firm, Confirms Data Breach Linked to LiteLLM Supply Chain Attack
**Mercor**, a recruiting firm specializing in AI talent, has confirmed a security incident stemming from a supply chain attack targeting the open-source **LiteLLM** project. The breach potentially exposed sensitive data belonging to **Mercor**'s customers and contractors, including **OpenAI**.
A platform that helps AI industry leaders improve their models confirmed on Wednesday a security incident tied to a recent supply chain attack.
**Mercor**, a prominent recruiting firm that works with companies like **OpenAI** to source experts and train AI models, was one of the thousands of organizations impacted by the compromise of the open-source **LiteLLM** project, according to a company statement. As of October 2025, the company was reportedly valued at $10 billion.
"The privacy and security of our customers and contractors is foundational to everything we do at **Mercor**," said **Mercor** spokesperson Heidi Hagberg. "Our security team moved promptly to contain and remediate the incident."
**Investigation Underway**
**Mercor** is currently conducting a thorough investigation into the breach, with the assistance of external forensics experts.
TechCrunch was first to report **Mercor**'s confirmation of the security incident.
**Lapsus$ Claims Responsibility**
While the **LiteLLM** attack has reportedly been linked to a group called **TeamPCP**, the hacking group **Lapsus$** claimed on its website that it had obtained hundreds of gigabytes of **Mercor**'s data. Heidi Hagberg did not immediately respond to questions about **Lapsus$**'s claims.
**LiteLLM's Response**
**LiteLLM** confirmed the hack on its systems last week, stating that it was "investigating a suspected supply chain attack involving unauthorized PyPI package publishes." The open-source project indicated that a user's PyPI account may have been "compromised and used to distribute malicious code."
A clean version of **LiteLLM** was released Monday, according to a **LiteLLM** security post.