LiteLLM Deserialization Flaw: The AI Supply Chain Attack That Compromised Mercor
Target Audience: Security Architects, AI Engineers, Supply Chain Security Leads Category: Incident Analysis / Supply Chain Executive Summary: The Mercor supply chain incident (April 8-12, 2026) demonstrated a fully realized AI supply chain attack: attackers identified and exploited a deserialization flaw in LiteLLM’s model routing layer allowing arbitrary code execution on any server running an…