A recent Mercor cyberattack has brought renewed attention to the risks associated with open-source software dependencies, after the AI recruiting startup confirmed it was impacted by a broader supply chain compromise. The Mercor data breach, which is still under investigation, has been linked to a malicious incident involving the widely used LiteLLM project. 

The data breach at Mercor stems from a security incident tied to LiteLLM, an open-source project used extensively across the AI ecosystem. Mercor acknowledged that it was “one of thousands of companies” affected by the compromise, which has been attributed to a hacking group known as TeamPCP. This Mercor cyberattack highlights the gr...