Mercor says it was hit by cyberattack tied to compromise of open source LiteLLM project
What Happened
The AI recruiting startup confirmed a security incident after an extortion hacking crew took credit for stealing data from the company's systems.
Our Take
Look, LiteLLM's a useful tool — it standardizes API calls across Claude, GPT, Gemini, whatever. But every abstraction layer is a supply chain attack vector, and Mercor just learned that the hard way. Some hacking crew pwned the company because they trusted OSS that wasn't audited hard enough.
The real issue isn't that open source is insecure — it's that AI companies are shipping OSS and connecting it straight to production data, assuming someone else is watching. Nobody's watching. You are.
If you're pulling LiteLLM into your stack, you've accepted the risk. The question is whether you've isolated it properly.
What To Do
Audit every third-party LLM dependency you're running. See what data it touches.
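As an added example (not code from the original post or from the LiteLLM project), a small Python audit that scans a constructed requirements file for LLM-gateway packages, reports whether each one is pinned to an exact version and backed by a hash, and lists which provider credential variable names such a gateway could read from the process environment; the package watch-list and credential variable names are assumptions.

```python
"""Audit LLM-gateway dependencies: pinning, hashes, and the secrets they can reach."""
import re

# Assumed watch-list of packages that sit between your app and model providers.
LLM_GATEWAY_PACKAGES = {"litellm", "openai", "anthropic", "google-generativeai"}

# Assumed credential variable names an in-process gateway typically reads.
PROVIDER_KEY_VARS = ("OPENAI_API_KEY", "ANTHROPIC_API_KEY", "GEMINI_API_KEY", "AZURE_API_KEY")

# name, optional [extras], optional version specifier (stops at whitespace, ';' or '#')
_REQ_RE = re.compile(r"^\s*([A-Za-z0-9][A-Za-z0-9._-]*)\s*(\[[^\]]*\])?\s*([<>=!~]=?\s*[^\s;#]+)?")


def _logical_lines(text):
    """Join backslash-continued lines so --hash options stay with their requirement."""
    buf = []
    for raw in text.splitlines():
        line = raw.rstrip()
        if line.endswith("\\"):
            buf.append(line[:-1])
            continue
        buf.append(line)
        yield " ".join(buf)
        buf = []
    if buf:
        yield " ".join(buf)


def audit_requirements(text):
    """Return one finding per watched package: unpinned=high, pinned w/o hash=medium, hashed=ok."""
    findings = []
    for line in _logical_lines(text):
        stripped = line.strip()
        if not stripped or stripped.startswith(("#", "-")):  # comments and pip options
            continue
        m = _REQ_RE.match(stripped)
        if not m:
            continue
        name = m.group(1).lower().replace("_", "-")
        if name not in LLM_GATEWAY_PACKAGES:
            continue
        spec = (m.group(3) or "").replace(" ", "")
        pinned = spec.startswith("==") and not spec.endswith("*")  # '==1.*' is not a pin
        hashed = "--hash=" in stripped
        severity = "high" if not pinned else ("medium" if not hashed else "ok")
        findings.append({"package": name, "spec": spec, "pinned": pinned,
                         "hashed": hashed, "severity": severity})
    return findings


def provider_secrets_in_env(environ):
    """Names (never values) of provider credentials reachable by a gateway in this process."""
    return sorted(k for k in environ if k in PROVIDER_KEY_VARS or k.endswith("_API_KEY"))
```

Run `audit_requirements(open("requirements.txt").read())` and `provider_secrets_in_env(os.environ)` in the service's own environment; a "high" finding means a release of the gateway can change under you without any code review on your side.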