AI recruitment startup Mercor has fallen victim to a sophisticated cyberattack linked to vulnerabilities in the open-source LiteLLM project, the company confirmed today. An extortion-focused hacking crew has claimed responsibility for the breach, asserting they successfully infiltrated Mercor's systems and exfiltrated sensitive corporate data through the compromised AI infrastructure component.

"We are working around the clock to assess the scope of this incident and have engaged leading cybersecurity experts to assist in our response," said Mercor's Chief Security Officer in a brief statement. The company has begun notifying potentially affected customers and employees, though the full extent of the data theft remains unclear. Security experts warn that similar supply chain attacks targeting open-source AI dependencies are becoming increasingly common as organizations accelerate their adoption of artificial intelligence technologies.