LiteLLM Deserialization Flaw: The AI Supply Chain Attack That Compromised Mercor
The Mercor supply chain incident in April 2026 highlighted a severe AI supply chain attack due to a deserialization flaw in LiteLLM. This vulnerability allowed attackers to execute arbitrary code, compromising Mercor’s infrastructure and leading to data exfiltration. Meta paused its collaboration as this incident underscored the security risks associated with rapidly adopted AI frameworks.
You must be logged in to post a comment.