The Right GPT

How To, Unbiased Guides, Prompts & Reviews for AI Tools

A 40-Minute Window, a Dependency of a Dependency, and a $10 Billion AI Startup Just Got Destroyed

Mercor Breach — Humanized

Let me tell you a story about how a 40-minute window brought down a unicorn.

On March 27, 2026, someone published two malicious code packages for a tool called LiteLLM. They were only available for about 40 minutes before someone noticed and pulled them down.

Forty minutes. That’s a lunch break. A couple of episodes of a sitcom. But it was enough.

Within days, Mercor — a $10 billion AI recruiting startup that works with OpenAI and Anthropic — admitted they were one of “thousands of companies” hit. And then an extortion group called Lapsus$ (yes, the same one that hacked Microsoft, Okta, and Uber) started auctioning off 4 terabytes of alleged Mercor data.

Including video interviews of contractors talking to Mercor’s AI systems.

🤯 A 40-minute window. A dependency of a dependency. And a $10 billion company is now cleaning up the mess.
Wait — who’s Mercor and why should I care?

Mercor launched in 2023. That’s just three years ago. But they grew like crazy: $10 billion valuation, a $350 million funding round, and over $2 million paid out every single day to contractors.

Those contractors aren’t random freelancers. They’re scientists, doctors, lawyers — mostly from India and other global markets — who help train AI models for OpenAI and Anthropic. So if you’ve ever used ChatGPT or Claude, your AI assistant might have been fine-tuned by someone whose video interview is now floating around on a hacker’s leak site.

How did this actually happen? (Brace yourself — it’s ridiculous)

This wasn’t a direct hack. Nobody broke into Mercor’s front door. Instead, they slipped in through a dependency of a dependency — the software equivalent of a spy sneaking into a building through the ventilation system of a food truck that delivers to the cafeteria.

  • Step 1: A tool called Trivy (used for security scanning) got compromised about a week earlier.
  • Step 2: LiteLLM — a library that 36% of cloud environments use — had Trivy in its automation pipeline. Hackers used stolen credentials to upload two bad versions of LiteLLM to PyPI (the Python package index).
  • Step 3: Because LiteLLM is downloaded millions of times a day, thousands of companies automatically grabbed the poisoned versions. Including Mercor.
  • Step 4: A hacking group called TeamPCP (yes, that name) partnered with Lapsus$ to turn the stolen data into cash.
  • Step 5: On March 31, Lapsus$ put Mercor on their leak site, claiming 4TB of data and sharing samples.
What did Lapsus$ allegedly take?
📄 Candidate profilesPII, employer data, login credentials
🎥 Video interviews2 contractor-AI conversation videos (TechCrunch saw them)
💬 Slack + ticketsInternal chats and support logs
🔑 Source code & secretsAPI keys, TailScale VPN data
🚨 Here’s where it gets uncomfortable.

Mercor confirmed the attack. They said they “moved promptly” and hired forensics experts. But when reporters asked three simple questions — Was customer data taken? Were contractor videos stolen? Did Lapsus$ really get 4TB?Mercor declined to answer.

That’s not a denial. That’s a “we’re not ready to tell you yet.”
The stuff nobody knows yet (and it’s scary)
Did Lapsus$ really get 4TB of data?Mercor won’t say
Were contractor videos actually stolen?Lapsus$ shared samples — Mercor silent
Is the data being auctioned right now?Yes, per Lapsus$ leak site
How many other companies are affected?“Thousands” — exact number unknown
Was any OpenAI/Anthropic data exposed?Mercor declined to answer
Why this is bigger than one startup

LiteLLM isn’t some obscure library. It’s in over a third of cloud environments. That 40-minute window could have poisoned thousands of companies — not just Mercor. And if you’re thinking, “but I don’t use LiteLLM,” remember: the attack came through Trivy, which is a dependency inside LiteLLM. Your dependency’s dependency just became your weakest link.

LiteLLM has since switched its compliance provider (from Delve to Vanta), but that’s like changing the locks after the burglar already walked out with your TV.

What this means for you, personally
  • If you’re a Mercor contractor: Assume your video interviews and personal data are out there. Start monitoring for phishing and identity theft.
  • If your company uses LiteLLM: Assume you were exposed. Even a 40-minute window is enough if your pipelines auto-update.
  • If you care about AI supply chain security: This is the warning shot. A $10 billion company with OpenAI as a client got taken down by a 40-minute oversight.
The bottom line (no corporate fluff)

The AI industry’s supply chain just got hacked. And the company at the center of it won’t say if your data was taken.

Maybe Lapsus$ is lying about the 4TB. Maybe they’re not. But Mercor’s silence is deafening.

Here’s what I keep coming back to: a 40-minute window, a dependency of a dependency, and a unicorn is now in damage control mode.

Your code is only as secure as the most vulnerable dependency you forgot you had. And right now, thousands of companies are learning that lesson the hard way.

This story is still developing. Mercor hasn’t answered follow-up questions about Lapsus$’s claims. We’ll update as we learn more. Sources: Fortune, TechCrunch, LiteLLM disclosure, Snyk.