
"Mercor stated it was 'one of thousands of companies' affected by the LiteLLM compromise and acted promptly to contain and remediate the incident, bringing in third-party forensics experts."
"Attackers used compromised maintainer credentials to publish malicious LiteLLM versions 1.82.7 and 1.82.8 to PyPI, which were available for roughly 40 minutes, creating downstream exposure for widely used software."
"While Mercor has not confirmed the full scope of any exposed data, it is known that the breach occurred through the LiteLLM incident, and at least one major client has paused work."
Mercor, an AI training startup, has paused work with Meta following a security breach related to the LiteLLM supply chain attack. The breach raised concerns about the vendor layer supporting AI development. Mercor confirmed it was among many affected by the LiteLLM compromise and acted quickly to contain the incident. Attackers exploited compromised maintainer credentials to publish malicious versions of LiteLLM. While some clients, including OpenAI, continue projects, they are investigating potential data exposure. The breach's implications extend beyond Mercor, affecting the broader AI ecosystem.
Read at TechRepublic