Krux

April 2, 2026
Lapsus$ Hits Mercor Through Open-Source AI Library LiteLLM
Published: April 2, 2026 at 12:30 AM
Updated: April 2, 2026 at 12:30 AM
What happened
Mercor confirmed it was breached after hackers planted malicious code in LiteLLM, an open-source library that routes requests to ChatGPT, Claude, and other models. The extortion group Lapsus$ leaked data samples, though it's unclear what customer information was stolen. Mercor says it was one of thousands of companies hit. LiteLLM works as a gateway between apps and AI providers, making it a high-value target. The attack used a self-spreading worm that hopped across developer tools, hitting security scanners Trivy and Checkmarx too.
Why it matters
AI companies now face the same supply-chain risks that plagued traditional software, except the popular tools everyone imports are barely two years old.