AI hiring startup Mercor, valued at $10 billion, is facing five federal lawsuits filed in a single week after a confirmed data breach exposed sensitive contractor data. The breach originated through compromised open-source software LiteLLM, developed by Berrie AI. Lawsuits filed in California and Texas federal courts allege negligence and violations of data privacy and consumer protection laws.

What Happened

Mercor disclosed last week that it was "impacted" by a breach of LiteLLM, an open-source LLM proxy tool integrated into its platform. Attackers compromised the LiteLLM software, gaining access to Mercor's internal systems and contractor data. Between late March and early April 2026, five separate lawsuits were filed by contractors alleging Mercor failed to adequately protect their personal information. One lawsuit notably seeks to hold not only Mercor liable but also LiteLLM creator Berrie AI and security audit firm Delve, signaling a broadening of legal accountability across the software supply chain.

What Was Taken

Court filings allege the breach exposed highly sensitive contractor data including:

• Social Security numbers
• Home addresses and contact information
• Recorded video interviews between contractors and Mercor's AI system
• Internal Slack communications

TechCrunch confirmed that sample materials posted by the threat actors included Slack data and video recordings, validating the scope of the exposure. The combination of government-issued identifiers with biometric-adjacent video data creates a severe identity theft and fraud risk for affected individuals.

Why It Matters

This incident is a clear signal for the entire AI services ecosystem. Mercor sits at the intersection of two high-growth, high-risk sectors: AI model training and gig workforce management. Both sectors collect enormous volumes of sensitive personal data. The breach highlights three critical trends defenders must track:

Supply chain as attack surface. Mercor was not directly compromised. The attack came through an open-source dependency. As AI companies rapidly integrate open-source tooling like LiteLLM to accelerate development, each dependency becomes a potential entry point.

Legal liability is expanding. The lawsuit naming Berrie AI and auditor Delve alongside Mercor suggests courts may begin holding upstream vendors and their auditors accountable for downstream breaches. This has significant implications for open-source maintainers and the firms that certify software security.

AI-collected data is uniquely dangerous. Video interviews and AI interaction recordings represent a new class of breach exposure that goes beyond traditional PII, potentially enabling deepfakes or social engineering at scale.

The Attack Technique

Based on available reporting, the attack vector was a supply chain compromise of LiteLLM, an open-source tool used to proxy and manage LLM API calls. The specifics of how LiteLLM was compromised have not been publicly detailed, but common vectors for open-source supply chain attacks include:

• Compromised maintainer credentials or CI/CD pipelines
• Malicious code injection into a trusted package update
• Exploitation of vulnerabilities in the project's infrastructure

Once the LiteLLM component was compromised within Mercor's environment, attackers appear to have gained access to internal communications (Slack) and data stores containing contractor PII and interview recordings. The lateral movement from an LLM proxy tool to sensitive data stores suggests insufficient network segmentation between AI infrastructure and PII storage systems.

What Organizations Should Do

1. Audit open-source AI dependencies immediately. Inventory all LLM proxy tools, orchestration layers, and AI-adjacent open-source packages in your stack. Pin versions, verify signatures, and monitor for advisories.

2. Segment AI infrastructure from PII stores. LLM tooling should not have direct access to databases containing Social Security numbers, government IDs, or biometric data. Enforce network-level and identity-level segmentation.

3. Implement software composition analysis (SCA) in CI/CD. Automated scanning for known vulnerabilities and unexpected changes in open-source dependencies should gate every deployment.

4. Encrypt sensitive data at rest with per-record or per-tenant keys. Even if an attacker reaches the data store, field-level encryption limits the blast radius of a compromise.

5. Review third-party audit coverage. If your security posture depends on audits of upstream vendors, verify the scope and recency of those audits. The inclusion of auditor Delve in Mercor's lawsuit signals that rubber-stamp assessments carry real legal risk.

6. Prepare for regulatory and legal exposure. Organizations collecting workforce PII, especially video and biometric data, should ensure incident response plans account for multi-jurisdiction litigation and class action risk.

Sources: Mercor Hit With 5 Contractor Lawsuits in a Week Over Data Breach - Business Insider