AI recruiting startup Mercor has confirmed that it was hit by a cyberattack tied to the compromise of the open source project LiteLLM. The attack, which is believed to have originated from a hacking group called TeamPCP, led to an security incident that Mercor moved promptly to contain and remediate.
LiteLLM, a widely used library for machine learning, had previously experienced a malicious code discovery in a package associated with the project. While the code was quickly identified and removed, it drew attention due to LiteLLM’s popularity on the internet.
Mercor, which works with companies like OpenAI and Anthropic to train AI models through domain experts, has not disclosed any details about data exposure or if any customer or contractor data was affected. Further investigations are ongoing.
推荐意见