What is the LiteLLM supply-chain attack?

A compromise via tainted Trivy scanner in LiteLLM's Python SDK, injecting malware into thousands of installs since late May 2024.

Did Mercor lose any data in the LiteLLM attack ?

No confirmed exfil — they detected and remediated quickly, but the risk was real for candidate data.

How do I check if my code uses vulnerable LiteLLM?

Audit your requirements.txt or pyproject.toml for LiteLLM >=0.3.x post-May 22; scan with updated Trivy or pip-audit.

📋 Compliance & Policy

LiteLLM's Sneaky Supply-Chain Hack Just Bitten Its First Big AI Victim: Mercor

What if the very libraries powering your AI dreams were secretly phoning home to hackers? Mercor, the hot AI recruiting firm, just admitted it's among thousands snared in the LiteLLM supply-chain nightmare.

theAIcatchup Apr 08, 2026 4 min read

Digital chains breaking in a supply chain attack targeting AI code libraries like LiteLLM

⚡ Key Takeaways

LiteLLM supply-chain attack via Trivy compromise hit thousands, with Mercor as first public AI victim. 𝕏
No confirmed data loss at Mercor, but the backdoor enabled potential exfiltration across AI stacks. 𝕏
Urgent: Generate SBOMs, pin deps, and watch for AI-specific supply-chain defenses emerging fast. 𝕏

Published by

theAIcatchup

Threat intelligence. Zero noise.

#LiteLLM attack #Mercor breach #Trivy vulnerability #supply chain compromise

Worth sharing?

Get the best Cybersecurity stories of the week in your inbox — no noise, no spam.

Originally reported by The Register Security

⚡ Key Takeaways

The 60-Second TL;DR

theAIcatchup

Share this article

Worth sharing?

Related Stories

Mercor's 4TB Nightmare: LiteLLM's Supply Chain Poison Reaches AI Hiring Giant

LiteLLM's PyPI Poison: How Hackers Turned an AI Gateway into a Secret-Scavenger

LiteLLM's Poisoned PyPI Packages Turned Dev Laptops Into Open Credential Safes

Mercor Breach Exposes TeamPCP's LiteLLM Rampage in Real Time

Stay in the loop