Mercor AI Data Breach: Supply Chain Attack via LiteLLM Package Compromise

The Mercor AI Data Breach: A in Supply Chain Vulnerability On March 24, 2026, Mercor AI, an AI-driven interview platform, suffered a significant data breach orchestrated by the hacking group Lapsus$. The attack exploited a compromised version of the LiteLLM package, a third-party language model library integrated into Mercor’s AI systems. This breach exposed approximately 4TB of sensitive data, including 211GB of candidate records, 939GB of source code, and 3TB of video interviews and identity documents.