Mercor Breach Linked to LiteLLM Attack Raises AI Supply Chain Security Concerns - Techgenyz

Attackers executed a supply-chain attack on the open-source library LiteLLM by exploiting stolen credentials to inject malicious code into its PyPI distribution pipeline. This malware actively harvested sensitive information, including API keys and cloud credentials, from affected systems, potentially leading to the compromise of up to 4TB of data from companies like Mercor.