Supply‑Chain Compromise of LiteLLM Hits Mercor Recruitment Platform
Mercor reported that attackers published a malicious version of the open‑source LiteLLM Python package, which the company uses to power its AI‑driven candidate matching engine. When the compromised library was installed during a routine update, it silently executed code that scraped personal data from user profiles and resumes, then sent the information to an external command‑and‑control server. The breach affected a broad set of Mercor’s enterprise customers, exposing thousands of job seekers’ details.
Defenders must treat third‑party packages as a critical attack surface. This incident underscores the need for strict supply‑chain hygiene: enforce version pinning, employ automated provenance verification, and monitor runtime behavior of dependencies for anomalous activity. Early detection and rapid response can limit data exfiltration and prevent similar attacks from compromising downstream services.
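One way to check the version-pinning and hash-verification advice above against a pip requirements file, added here as an illustration and not taken from Mercor or the LiteLLM project. The sample file, its version numbers and the digest are constructed placeholders, and `logical_lines` and `audit` are hypothetical helper names.

```python
import re

PIN = re.compile(r"^([A-Za-z0-9._-]+)(\[[^\]]*\])?==([^\s;]+)")
HASH = re.compile(r"--hash=sha256:[0-9a-f]{64}\b")
FAKE_HASH = "a" * 64  # constructed placeholder digest, not a real artifact hash

# Constructed requirements file; the versions are placeholders, not real releases.
SAMPLE = f"""\
# constructed example
litellm>=1.0
requests==2.0.0
httpx==0.1.0 \\
    --hash=sha256:{FAKE_HASH}
"""

def logical_lines(text):
    """Join backslash-continued lines; drop comments and blank lines."""
    buf = ""
    for raw in text.splitlines():
        line = raw.strip()
        if line.endswith("\\"):
            buf += line[:-1] + " "
            continue
        entry = (buf + line).split(" #")[0].strip()
        buf = ""
        if entry and not entry.startswith("#"):
            yield entry

def audit(text):
    """Return {package: [problems]} for entries a routine update could silently change."""
    findings = {}
    for entry in logical_lines(text):
        if entry.startswith("-"):  # pip options such as --index-url
            continue
        name = re.split(r"[\s=<>!~\[;]", entry, maxsplit=1)[0]
        pin = PIN.match(entry)
        problems = []
        if not pin:
            problems.append("not pinned with ==")
        elif "*" in pin.group(3):
            problems.append("wildcard pin")
        if not HASH.search(entry):
            problems.append("no sha256 hash")
        if problems:
            findings[name] = problems
    return findings

if __name__ == "__main__":
    for pkg, problems in audit(SAMPLE).items():
        print(f"{pkg}: {', '.join(problems)}")
```

A file that passes this audit can be installed with `pip install --require-hashes -r requirements.txt`, which makes pip refuse any artifact whose digest differs from the recorded one.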
Categories: Data Breaches, Vulnerabilities & Exploits, AI Security & Threats