Mercor, an AI‑driven recruiting platform, disclosed that a maliciously modified LiteLLM package was introduced into its software supply chain. The compromised package was pulled in during routine dependency updates, allowing hidden code to execute with the privileges of the update process. The payload exfiltrated candidate resumes, contact information, and internal hiring metrics, and opened a backdoor that granted attackers elevated access to Mercor’s internal network.

The breach highlights the danger of unverified third‑party components in CI/CD pipelines. Defenders must enforce strict SBOM tracking, implement integrity verification (e.g., sigstore, checksums), and isolate update mechanisms to prevent malicious code from gaining a foothold. Early detection of anomalous package behavior and continuous monitoring of privileged access are essential to stop similar supply‑chain compromises.