Mercor says it was hit by cyberattack tied to compromise LiteLLM

nope1000 · 2026-04-02T08:11:02 1775117462

> The incident also prompted LiteLLM to make changes to its compliance processes, including shifting from controversial startup Delve to Vanta for compliance certifications.

This is pretty funny.

The leaked excel sheet with customers of Delve is basically a shortlist of targets for hackers to try now. Not that they necessarily have bad security, but you can play the odds

aservus · 2026-04-02T08:20:08 1775118008

This is a good reminder that any tool handling sensitive data — even internal ones — needs to be transparent about where data goes. The assumption that SaaS tools protect your data is getting harder to defend.

lukewarm707 · 2026-04-02T09:30:49 1775122249

I use llms to read the privacy policies that are too long to read. They guarantee almost nothing, unless you go out of your way to get an sla

ashishb · 2026-04-02T07:03:54 1775113434

[flagged]

lmc · 2026-04-02T07:53:18 1775116398

Docker is not a strong security boundary and shouldn't be used to sandbox like this

https://cloud.google.com/blog/products/gcp/exploring-contain...

EE84M3i · 2026-04-02T09:01:56 1775120516

Confusingly, Docker now has a product called "Docker Sandboxes" [1] which claims to use "microVMs" for sandboxing (separate VM per "agent"), so it's unclear to me if those rely on the same trust boundaries that traditional docker containers do (namespaces, seccomp, capabilities, etc), or if they expect the VM to be the trust boundary.

[1]: https://www.docker.com/products/docker-sandboxes/

ashishb · 2026-04-02T08:29:39 1775118579

Compared to what? Which one is superior?

Running npm on your dev machine? Or running npm inside Docker?

I would always prefer the latter but would love to know what your approach to security is that's better than running npm inside Docker.

lmc · 2026-04-02T08:39:47 1775119187

Read this: https://kayssel.substack.com/p/docker-escape-breaking-out-of...

ashishb · 2026-04-02T09:41:32 1775122892

So the worst case is that you are back to running npm on your host. Right?

lmc · 2026-04-02T08:44:14 1775119454

By all means, run your npm in docker, but please stop telling others it's a secure way to do so.

ashishb · 2026-04-02T09:42:58 1775122978

I only said it is a defense-in-depth measure.

I definitely want to know how is it worse than running npm directly on the host

habinero · 2026-04-02T09:55:58 1775123758

Those aren't the only options, my dude.

ashishb · 2026-04-02T10:01:47 1775124107

And what are good options that you use and that work on Linux as well as Mac OS?

notachatbot123 · 2026-04-02T07:38:22 1775115502

[flagged]

ashishb · 2026-04-02T07:52:08 1775116328

What makes you think that?

Your cab see the commit history ~10% of code is written by agents.

Rest was all written by me.

Unlike other criticisms of the project, this one feels personal as it is objectively incorrect.

bengale · 2026-04-02T07:57:39 1775116659

All these commenters just yell AI about every post and comment on here now. They have a worse hit rate than a blind marksman.