AI supply chain attack exposes 4TB of sensitive data

Mercor has disclosed it was impacted by a supply chain attack involving LiteLLM, after attackers used a compromised maintainer account to publish malicious PyPI packages that were available for roughly 40 minutes and likely downloaded by thousands of organizations. The incident, tied to a broader campaign involving a compromised Trivy dependency in CI/CD security workflows, is now under investigation as the Lapsus$ extortion group claims to have stolen over 4TB of data, including candidate profiles, credentials, and proprietary information.
Here’s some commentary from Ken Johnson, CTO of DryRun Security:
“What’s notable here isn’t just the LiteLLM compromise, it’s the pattern. We’re seeing the same playbook show up across groups like Lapsus$ and TeamPCP. Start with a trusted tool, pivot into CI/CD, then ride that access into cloud and AI infrastructure. This is becoming repeatable.
The bigger shift is that this isn’t traditional SCA risk. This isn’t a CVE sitting in a dependency. This is active malware in the supply chain, designed to spread, harvest credentials, and exfiltrate data as it moves.
Once attackers land in the pipeline, they’re inside your build and deployment process. At that point, it’s not about exploiting a bug, it’s about abusing trust to scale across environments.
We’ve moved toward a world where attackers don’t need new techniques, they just reuse what already works across the same shared tooling and AI stack.”
Supply chain attacks are real. Organizations need to do everything possible to ensure that everything and everyone they interact with is as secure as possible. Otherwise this is what you will get 100% of the time.
This entry was posted on April 2, 2026 at 2:41 pm and is filed under Commentary with tags Hacked. You can follow any responses to this entry through the RSS 2.0 feed.
You can leave a response, or trackback from your own site.