The AI supply chain just had its Log4j moment.
On March 31, attackers injected credential-stealing malware into LiteLLM — the open-source gateway that routes API calls from enterprise applications to the major LLM providers. OpenAI. Anthropic. Cohere. Traffic to all of them flows through infrastructure like this.
Mercor, a $10 billion AI recruiting platform serving the frontier labs, was the first confirmed casualty. Roughly 4 terabytes of data — source code, contractor records, video interviews, AI training methodologies — exfiltrated. Meta halted all work with them immediately.
Mercor confirmed it was “one of thousands of companies” affected.
The blast radius: LiteLLM is downloaded 95 million times per month. Compromised versions were pulled tens of thousands of times before removal. Every organization routing LLM traffic through an unaudited open-source gateway is in scope — whether they know it or not.
What security teams need to do now: Audit every open-source dependency in your AI integration layer, not just the models themselves. Treat AI middleware — gateways, proxies, MCP servers — as critical infrastructure that gets the same change control, pinning and monitoring as any other production system. Run software composition analysis scoped specifically to your AI stack, separate from your general SCA tooling, so that a compromised gateway release is caught before it is installed rather than after credentials have left the building.
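One concrete way to start that audit is to check whether the AI middleware in a deployment is even pinned and hash-verified. The script below is an added example, not code from the original brief or from the LiteLLM project: it parses a pip-format requirements file, flags any package on an assumed watch-list of AI middleware that is not pinned to an exact version with a `--hash`, and rates everything else on pinning alone. The watch-list, the sample requirements and the placeholder hash are constructed for illustration.

```python
"""Audit AI-stack Python dependencies for exact pins and hash verification.

Added example, not code from the original post or the LiteLLM project.
With --hash entries present, `pip install --require-hashes` refuses any
artifact whose digest differs, which is the control that stops a swapped
release from installing.
"""
import re
from dataclasses import dataclass
from typing import Optional

# Assumed watch-list: packages that sit between applications and LLM providers.
AI_MIDDLEWARE = {"litellm", "openai", "anthropic", "langchain", "mcp"}

# name, optional extras like litellm[proxy], optional version specifier.
REQ_LINE = re.compile(
    r"^\s*(?P<name>[A-Za-z0-9][A-Za-z0-9._-]*)"
    r"(?:\[[^\]]*\])?"
    r"\s*(?P<spec>(?:==|>=|<=|~=|!=|<|>)[^;\s\\]*)?"
)

# Constructed sample, not a real lock file. The sha256 is a placeholder.
SAMPLE_REQUIREMENTS = """\
# constructed sample requirements for the audit
litellm[proxy]==1.0.0 \\
    --hash=sha256:0000000000000000000000000000000000000000000000000000000000000000
openai>=1.0
anthropic==0.1.0
requests
"""


@dataclass
class Finding:
    name: str
    version: Optional[str]
    pinned: bool      # exact == pin, no wildcard
    hashed: bool      # at least one --hash option on the line
    middleware: bool  # on the AI middleware watch-list

    @property
    def severity(self) -> str:
        # Middleware must be both pinned and hashed; anything else only pinned.
        if self.middleware and not (self.pinned and self.hashed):
            return "HIGH"
        if not self.pinned:
            return "MEDIUM"
        return "OK"


def parse_requirements(text: str) -> list:
    """Parse pip requirement lines into Findings (options like -r are skipped)."""
    findings = []
    # Join backslash continuations so --hash options stay on their package line.
    for raw in text.replace("\\\n", " ").splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line or line.startswith("-"):
            continue
        m = REQ_LINE.match(line)
        if not m:
            continue
        name = m.group("name").lower().replace("_", "-")
        spec = m.group("spec") or ""
        pinned = spec.startswith("==") and "*" not in spec
        version = spec[2:] if pinned else None
        hashed = "--hash=" in line
        findings.append(Finding(name, version, pinned, hashed, name in AI_MIDDLEWARE))
    return findings


def audit(text: str) -> dict:
    """Map each package name to its severity rating."""
    return {f.name: f.severity for f in parse_requirements(text)}


if __name__ == "__main__":
    for f in parse_requirements(SAMPLE_REQUIREMENTS):
        print(f"{f.severity:6} {f.name:12} pinned={f.pinned} hashed={f.hashed}"
              f" middleware={f.middleware}")
```

In the constructed sample only `litellm` passes: `openai` carries a range instead of a pin and `anthropic` is pinned but unhashed, so both rate HIGH because they are on the watch-list, while the unpinned `requests` rates MEDIUM. Point the parser at a real lock file and feed the HIGH findings into whatever review gate already exists for production dependencies.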
The breach didn’t happen at the model level. It happened at the middleware layer nobody was watching. That’s the governance gap. And it has no owner yet.
♾ The AI Threat Brief | AI Security Intelligence for Leaders
