First public downstream victim, but won't be the last

AI hiring startup Mercor confirmed it was "one of thousands of companies" affected by the LiteLLM supply-chain attack as the fallout from the Trivy compromise continues to spread.…
AI recruiting biz Mercor says it was 'one of thousands' hit in LiteLLM supply-chain attack
Mercor, an AI recruiting startup, disclosed that it was impacted by the LiteLLM supply-chain attack, which affected thousands of downstream companies following the Trivy compromise. The attack exploited a vulnerability in the Trivy open-source vulnerability scanner, enabling malicious code execution in dependent services like LiteLLM. AI hiring tools and startups integrating LiteLLM are at risk of unauthorized access or data exfiltration.