From Supply Chain Attack to Class Action in Ten Days
On March 24, 2026, TeamPCP compromised LiteLLM on PyPI. On April 1, the first class action lawsuits landed. Five suits in a single week, filed in federal courts in California and Texas, all targeting Mercor — the $10 billion AI staffing platform that was LiteLLM’s most visible casualty.
The suits name not just Mercor but also BerriAI (LiteLLM’s creator) and Delve Technologies, the compliance startup that allegedly fabricated SOC 2 reports for LiteLLM and hundreds of other companies. The three-defendant structure signals where AI liability law is heading: when the breach traces through a supply chain, plaintiffs will follow the chain.
What Mercor Lost
The breach disclosures paint a picture of near-total compromise:
- 4 terabytes of exfiltrated data
- 939 GB of platform source code
- 211 GB user database
- 3 TB of video interview recordings and identity documents
- Internal Slack communications, VPN configurations, and infrastructure credentials
- Social Security numbers for over 40,000 contractors
The Lapsus$ hacking group claimed responsibility and began auctioning the stolen data on dark web forums. Meta indefinitely paused all Mercor contracts. OpenAI, Anthropic, and Google each began investigating their own exposure through Mercor’s platform.
A company valued at $10 billion, compromised stem to stern, because a malicious Python package was live on PyPI for somewhere between 40 minutes and 3 hours.
The Cases
At least five lawsuits were filed in the week of April 1, 2026:
Gill v. Mercor.io Corporation (N.D. Cal., 3:26-cv-02831). Lisa Gill, a contractor from Hawaii, filed a proposed nationwide class action through Edelsberg Law.
Deboni v. Mercor.io Corporation (N.D. Cal., 3:26-cv-02821). Christof Deboni filed through Milberg PLLC with a 49-page complaint. Assigned to Judge Alex G. Tse.
Esson v. Mercor.io Corporation (N.D. Cal., 3:26-cv-02839). NaTivia Esson, who worked as a Mercor contractor from March 2025 through March 2026, filed through Strauss Borrelli.
A fourth suit names all three companies — Mercor, BerriAI, and Delve — as co-defendants in a 42-page filing that traces the full attack chain from compromised CI/CD pipeline through fabricated compliance certifications to data exfiltration.
A fifth suit was filed in Texas federal court.
What the Complaints Allege
The complaints converge on a familiar set of security failures, but the specifics are striking:
- No multi-factor authentication
- No encryption of sensitive data at rest or in transit
- No access controls limiting who could view contractor PII
- No monitoring for suspicious activity
- No regular credential rotation
- Failure to report the breach to state attorneys general as required by law
None of these are exotic failures. MFA, encryption at rest, access controls, and monitoring are table-stakes security practices — the baseline measures that every compliance framework (SOC 2, ISO 27001, HIPAA, CMMC) requires.
The plaintiffs seek compensatory, consequential, statutory, and punitive damages, plus injunctive relief requiring a comprehensive security overhaul, credit monitoring, and annual independent security audits.
The Compliance Chain That Was Not There
The Mercor lawsuits go beyond a routine data breach case.
Delve Technologies issued LiteLLM’s SOC 2 and ISO 27001 certifications. In theory, those certifications mean an independent auditor evaluated the organization’s security controls, tested evidence, and concluded that the controls were operating effectively.
But as the DeepDelver whistleblower revealed, those certifications were allegedly fabricated. The auditor conclusions were pre-written. The evidence was never reviewed. The compliance reports were templates with client names swapped in.
So when Mercor’s vendor risk team — or any downstream customer — evaluated LiteLLM as a dependency and checked for SOC 2 compliance, they got a green light from a report that was fiction. The framework designed to catch missing MFA, missing encryption, and missing monitoring caught nothing, because nobody was actually looking.
The causal chain the lawsuits are building runs straight through: Delve certified controls that did not exist. LiteLLM operated without those controls. TeamPCP exploited the gap. Mercor’s data walked out the door.
Y Combinator expelled Delve on April 4. LiteLLM had already dropped Delve for Vanta on March 30. But the damage was done.
What This Means for Vendor Risk Management
The Mercor lawsuits test a question that has been theoretical until now: what happens when the compliance certification in your vendor risk file turns out to be worthless?
Every organization that relies on third-party SOC 2 reports, ISO 27001 certificates, or compliance badges to make vendor risk decisions should be asking three questions right now:
1. Who actually performed the audit? Not who is listed on the cover page — who did the work. Check the engagement partner’s CPA license through their state board. Verify the firm in the AICPA peer review public file. If you cannot find a real operating history, you have your answer.
2. Does the report contain company-specific detail? A real SOC 2 report describes the specific systems, the specific controls, and the specific evidence the auditor examined. If Section 3 reads like it could describe any company, it probably was written to describe every company.
3. What is your exposure if the report is wrong? The Mercor plaintiffs are not suing Delve because they have a contractual relationship with Delve. They are suing because Delve’s allegedly fraudulent certifications were a link in the chain that led to their data being stolen. Downstream liability from fake compliance is now a live legal theory.
The Bigger Pattern
Mercor marks the third major data breach in the past two years where missing MFA was a central factor. Change Healthcare lost $22 billion in market value over a Citrix portal without MFA. The MGM Resorts breach started with a social engineering call to the help desk.
The pattern holds: the breaches that cause the most damage trace back to missing basic controls, not sophisticated zero-days. Compliance frameworks exist to verify those controls, and organizations assume they are in place because a report says so.
When the report is fabricated, the assumption is fatal.
What Organizations Should Do
Audit your compliance supply chain. If any of your vendors used Delve for compliance certifications, treat those certifications as void. Require new assessments from verified, AICPA-registered firms.
Do not rely on compliance badges as evidence. A trust center page is marketing. A SOC 2 report is only as good as the auditor who wrote it. Verify both.
Implement the basics in your own environment. MFA everywhere. Encryption at rest and in transit. Least-privilege access controls. Credential rotation. Activity monitoring. The Mercor complaints specifically allege every one of these was missing — and any one of them would have limited the blast radius.
Review your supply chain dependencies. The March 2026 attacks demonstrated that your CI/CD pipeline, your security scanners, and your AI infrastructure are all attack surfaces. Pin dependencies. Verify checksums. Monitor for version discrepancies between registries and source repositories.
Prepare for the regulatory response. Five class actions in one week means attorneys general are watching. The EU Cyber Resilience Act’s vulnerability reporting obligations begin in September 2026. Organizations that cannot demonstrate they had reasonable security controls in place will face regulatory exposure on top of civil liability.
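The "Pin dependencies. Verify checksums." advice above can be checked mechanically. The following is an added example, not code from any project named in this article: it audits a requirements file for entries that lack an exact version pin or a recorded sha256 hash, then checks a downloaded artifact against the recorded hashes. The package names, versions, and byte strings are constructed for illustration.

```python
import hashlib
import re

# Constructed byte strings standing in for a downloaded wheel; not real packages.
GOOD_ARTIFACT = b"constructed wheel contents v1"
TAMPERED_ARTIFACT = b"constructed wheel contents v1 + injected code"

# Constructed requirements file using pip's "--hash=sha256:<hex>" syntax.
SAMPLE_REQUIREMENTS = f"""\
# constructed example
examplepkg==1.2.3 \\
    --hash=sha256:{hashlib.sha256(GOOD_ARTIFACT).hexdigest()}
otherpkg>=2.0
thirdpkg==0.9.1
"""

HASH_RE = re.compile(r"--hash=sha256:([0-9a-f]{64})")
PIN_RE = re.compile(r"==\s*([^\s;*]+)(?=\s|;|$)")  # exact pin, no wildcard

def parse_requirements(text):
    """Map package name -> {"pin": exact version or None, "hashes": set}."""
    joined = re.sub(r"\\\r?\n", " ", text)  # fold backslash continuations
    reqs = {}
    for raw in joined.splitlines():
        line = re.sub(r"(^|\s)#.*$", "", raw).strip()  # drop comments
        m = re.match(r"([A-Za-z0-9][A-Za-z0-9._-]*)\s*(.*)$", line)
        if not m:  # blank line or a global option such as "-r other.txt"
            continue
        name, rest = m.group(1).lower(), m.group(2)
        pin = PIN_RE.match(rest)
        reqs[name] = {"pin": pin.group(1) if pin else None,
                      "hashes": set(HASH_RE.findall(rest))}
    return reqs

def audit(reqs):
    """List (package, problem) pairs for entries an installer cannot verify."""
    findings = []
    for name, r in sorted(reqs.items()):
        if r["pin"] is None:
            findings.append((name, "not pinned to an exact version"))
        if not r["hashes"]:
            findings.append((name, "no sha256 hash recorded"))
    return findings

def artifact_allowed(reqs, name, data):
    """True only if the artifact's sha256 matches a hash recorded for name."""
    digest = hashlib.sha256(data).hexdigest()
    return digest in reqs.get(name.lower(), {}).get("hashes", set())

if __name__ == "__main__":
    for finding in audit(parse_requirements(SAMPLE_REQUIREMENTS)):
        print(finding)
```

At install time, pip enforces the same property when run with `--require-hashes`: any requirement without a matching recorded hash fails the install.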
Where This Goes
The Mercor litigation will take years to resolve. But the precedent it is setting is immediate: when a supply chain attack causes a data breach, and the compliance certifications that were supposed to prevent it turn out to be fake, every entity in that chain is a defendant.
The risk is no longer theoretical. It has five docket numbers in federal court.
We help organizations build security programs that survive real scrutiny, assess their supply chains for the dependencies that actually matter, and implement AI governance frameworks that go beyond checkbox compliance. Because when the next breach happens, the question will not be whether you had a SOC 2 report. It will be whether the controls behind it were real.