AI Recruiting Startup Mercor Reports Cyberattack Linked to Open-Source Project Breach
AI recruiting company Mercor confirmed a security incident after hackers claimed responsibility for stealing company data through a compromised open-source project.

AI recruiting startup Mercor has confirmed it was targeted in a cyberattack that hackers claim resulted in the theft of company data. The security incident was linked to a compromise of the open-source LiteLLM project, according to the company.
An extortion hacking crew took credit for the data breach, claiming to have successfully infiltrated Mercor's systems. The company acknowledged the security incident but did not immediately provide details about the scope of the breach or what specific data may have been compromised.
The attack appears to be connected to vulnerabilities in the LiteLLM open-source project, which provides software infrastructure used by various online services. Open-source projects are widely used across the technology industry but can become targets for cybercriminals seeking to exploit vulnerabilities that affect multiple downstream users.
Mercor operates as an AI-powered recruiting platform, connecting companies with technical talent. The startup uses artificial intelligence and machine learning technologies to match job candidates with potential employers based on skills and experience.
The incident highlights ongoing cybersecurity challenges facing companies that rely on open-source software components. Security researchers have increasingly warned about supply chain attacks that target widely used open-source projects as a way to reach multiple victims through a single compromise.