Breaking | APR 1, 2026 | SECURITY FAILURE

An Extortion Crew Stole 4 Terabytes From an AI Recruiting Firm. The Attack Came Through a Tool Nobody Was Watching.

Mercor is an AI recruiting startup. Its job is to evaluate candidates using artificial intelligence. Its source code, its candidate data, its infrastructure — 4 terabytes of it — was stolen by an extortion crew that got in through a compromised open source project called LiteLLM. Mercor says it was "one of thousands" of companies hit the same way.

Here is what happened. A tool that thousands of AI companies depend on to route calls between AI models was compromised at the source. A malicious update. Nobody caught it. The update propagated across the ecosystem automatically. The attackers walked in through the front door of every company that trusted the dependency without verifying it.
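The failure described above is a dependency that updates itself into production with no one checking what arrived. The control that closes that gap is mechanical: pin every package to an exact version, pin the hash of the artifact, and refuse to install anything that does not match. The following is an added example written for this page, not code from Mercor, LiteLLM or either news source. It audits a requirements file for entries that would let a new upstream release slip in unverified and checks a downloaded artifact against its pinned hash before installation. The package names, versions, artifact bytes and digest are constructed placeholders.

```python
"""Audit pip requirements for unverifiable dependencies and verify an
artifact against its pinned hash.

Added example for this page; not from the article or any project it names.
All package names, versions, artifact bytes and digests are constructed.
"""
import hashlib
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Set, Tuple

# name, optional comparison operator, optional version (stops at whitespace/backslash)
REQ_LINE = re.compile(r"^(?P<name>[A-Za-z0-9_.-]+)\s*(?P<op>==|>=|~=|<=|>|<)?\s*(?P<ver>[^\s\\]+)?")
# pip's --hash=<algo>:<hexdigest> option, possibly repeated per requirement
HASH_OPT = re.compile(r"--hash=(?P<algo>[a-z0-9]+):(?P<digest>[0-9a-fA-F]+)")

# Constructed stand-in for a downloaded wheel; its digest is computed so the
# sample requirements below contain a genuinely matching pin.
SAMPLE_ARTIFACT = b"constructed wheel bytes for the example, not a real package"
SAMPLE_DIGEST = hashlib.sha256(SAMPLE_ARTIFACT).hexdigest()

# Constructed requirements file: one floating range, one exact pin without a
# hash, one exact pin with a hash. 'llm-router' is a hypothetical name.
REQUIREMENTS = f"""
# constructed sample; names, versions and digests are placeholders
llm-router>=1.0          # floats: the next upstream release installs automatically
fastapi==0.110.0         # pinned, but artifact contents are never verified
pydantic==2.6.0 \\
    --hash=sha256:{SAMPLE_DIGEST}
"""


@dataclass
class Requirement:
    name: str
    op: Optional[str]
    version: Optional[str]
    hashes: Dict[str, Set[str]] = field(default_factory=dict)


def parse_requirements(text: str) -> List[Requirement]:
    """Parse requirements.txt content, joining backslash-continued lines."""
    reqs: List[Requirement] = []
    logical = text.replace("\\\n", " ")  # fold continuation lines
    for raw in logical.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments
        if not line:
            continue
        m = REQ_LINE.match(line)
        if not m:
            continue
        req = Requirement(m["name"].lower(), m["op"], m["ver"])
        for h in HASH_OPT.finditer(line):
            req.hashes.setdefault(h["algo"], set()).add(h["digest"].lower())
        reqs.append(req)
    return reqs


def audit(reqs: List[Requirement]) -> List[Tuple[str, str]]:
    """Return (package, reason) for every entry that lets an unverified
    upstream release into the build."""
    findings: List[Tuple[str, str]] = []
    for r in reqs:
        if r.op != "==":
            findings.append((r.name, "not pinned to an exact version"))
        if not r.hashes:
            findings.append((r.name, "no --hash: artifact contents are not verified"))
    return findings


def verify_artifact(req: Requirement, data: bytes) -> bool:
    """True only if the artifact's sha256 matches one of the pinned hashes.
    A requirement with no sha256 pin fails closed."""
    expected = req.hashes.get("sha256")
    if not expected:
        return False
    return hashlib.sha256(data).hexdigest() in expected


if __name__ == "__main__":
    parsed = parse_requirements(REQUIREMENTS)
    for name, reason in audit(parsed):
        print(f"{name}: {reason}")
    print("pydantic artifact verified:", verify_artifact(parsed[2], SAMPLE_ARTIFACT))
    print("tampered artifact verified:", verify_artifact(parsed[2], SAMPLE_ARTIFACT + b"x"))
```

The same property the checker enforces is what `pip install --require-hashes -r requirements.txt` enforces at install time: every requirement must carry a hash, and an artifact whose digest differs from the pin is rejected rather than installed. A compromised release with a new version number or altered contents then fails the build instead of propagating silently.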

Mercor's response: we were not specifically targeted. We were collateral damage in a supply chain attack. That is supposed to be reassuring. It is not. It means the attack surface is the entire AI infrastructure stack. It means every company running AI tools built on open source dependencies is one compromised package away from the same call.

4 terabytes. 939 gigabytes of source code alone. Now being auctioned to the highest bidder. And the AI company whose entire product is evaluating human judgment had no human in the loop watching the tools it trusted to run its own systems.

HITL Score: 0/100
Source: TECHCRUNCH / THE REGISTER