
Supply‑Chain Attack on LiteLLM Infects Thousands, Mercor Among Victims

A malicious contributor slipped back‑door code into the open‑source LiteLLM library, a widely used wrapper for prompting large language models. The tampered package was published to the public PyPI index, and any downstream application that installed or updated the library automatically inherited the hidden payload. The code can execute arbitrary commands, steal API keys, and manipulate model responses without the victim’s knowledge.

Mercor, an AI‑driven recruiting platform, confirmed it was one of “thousands” of organizations that pulled the compromised version of LiteLLM into production. The attack gave threat actors a foothold inside the recruiting workflow, exposing sensitive candidate data and potentially allowing further lateral movement within corporate networks. Defenders must treat this as a supply‑chain breach, not an isolated bug.

Security teams should immediately audit their Python dependencies, enforce signed package verification, and monitor for unexpected network calls or process launches from LLM‑related services. Implementing software‑bill‑of‑materials (SBOM) tracking, continuous integrity checks, and runtime anomaly detection can reduce the blast radius of similar upstream compromises in the future.
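One concrete form of the continuous integrity check recommended above, as an added example that is not from the article: pip writes a `RECORD` file into every installed distribution's `.dist-info` directory listing each file with its sha256 (urlsafe base64, unpadded) and size, so re-hashing the installed files against it detects code altered after installation. The `fakepkg` fixture is constructed for the demo and is not a real package.

```python
import base64
import csv
import hashlib
import tempfile
from pathlib import Path


def _record_hash(path: Path) -> str:
    """Hash a file the way pip records it: sha256, urlsafe base64, no '=' padding."""
    digest = hashlib.sha256(path.read_bytes()).digest()
    return "sha256=" + base64.urlsafe_b64encode(digest).rstrip(b"=").decode()


def verify_record(site_dir: Path, record_file: Path) -> list[str]:
    """Re-hash every file listed in RECORD; return problems (empty list = intact)."""
    problems = []
    with record_file.open(newline="") as fh:
        for row in csv.reader(fh):
            if len(row) < 3:
                continue
            rel, expected, size = row[:3]
            if not expected:  # RECORD itself and *.pyc entries carry no hash
                continue
            target = site_dir / rel
            if not target.exists():
                problems.append(f"missing: {rel}")
            elif (size and target.stat().st_size != int(size)) or _record_hash(target) != expected:
                problems.append(f"modified: {rel}")
    return problems


def demo() -> tuple[list[str], list[str], list[str]]:
    """Constructed fixture (not a real package): install, tamper, delete; verify after each."""
    site = Path(tempfile.mkdtemp())
    module = site / "fakepkg" / "__init__.py"
    module.parent.mkdir()
    module.write_text("def complete(prompt):\n    return prompt\n")
    info = site / "fakepkg-1.0.dist-info"
    info.mkdir()
    record = info / "RECORD"
    record.write_text(f"fakepkg/__init__.py,{_record_hash(module)},{module.stat().st_size}\n"
                      "fakepkg-1.0.dist-info/RECORD,,\n")
    clean = verify_record(site, record)            # pristine install
    module.write_text("def complete(prompt):\n    return prompt  # silently altered\n")
    tampered = verify_record(site, record)         # post-install modification
    module.unlink()
    missing = verify_record(site, record)          # file removed
    return clean, tampered, missing


if __name__ == "__main__":
    print(demo())  # ([], ['modified: fakepkg/__init__.py'], ['missing: fakepkg/__init__.py'])
```

Running `verify_record` over the real `site-packages` directory on a schedule gives a cheap tripwire; it does not validate what was published upstream, so pair it with hash-pinned requirements (`pip install --require-hashes`) for the install itself.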

Categories: Vulnerabilities & Exploits, AI Security & Threats