lapsus$

The AI Training Pipeline Just Became a High-Value Target

John Z Black Apr 6, 2026

Incidents & Breaches #supply-chain #ai-security #litellm #mercor #lapsus$ #teampcp

A trojanized LiteLLM package hit Mercor, the AI training vendor shared by OpenAI, Anthropic, and Meta, exposing the massive concentration risk in the AI supply chain.