AI company Mercor has confirmed a significant security breach connected to a LiteLLM supply chain compromise. Hackers claim to have stolen 4TB of sensitive data and gained access to internal systems at scale. The LiteLLM supply-chain compromise enabled attackers to harvest credentials and access internal environments across multiple organizations, with Mercor being the first to publicly confirm the breach.
Security researchers are warning about growing AI system exposure and limited visibility into these emerging attack vectors. The incident highlights the expanding attack surface as organizations rapidly adopt AI tools and frameworks without adequate security controls. As AI systems become more integrated into business operations, supply chain attacks targeting AI infrastructure represent a growing threat vector that organizations must prepare for and defend against.
