8 Sources
[1]
Mercor says it was hit by cyberattack tied to compromise of open-source LiteLLM project | TechCrunch
Mercor, a popular AI recruiting startup, has confirmed a security incident linked to a supply chain attack involving the open-source project LiteLLM. The AI startup told TechCrunch on Tuesday that it was "one of thousands of companies" affected by a recent compromise of LiteLLM's project, which was linked to a hacking group called TeamPCP. Confirmation of the incident comes as extortion hacking group Lapsus$ claimed it had targeted Mercor and gained access to its data. It's not immediately clear how the Lapsus$ gang obtained the stolen data from Mercor as part of TeamPCP's cyberattack. Founded in 2023, Mercor works with companies including OpenAI and Anthropic to train AI models by contracting specialized domain experts such as scientists, doctors, and lawyers from markets including India. The startup says it facilitates more than $2 million in daily payouts and was valued at $10 billion following a $350 million Series C round led by Felicis Ventures in October 2025. Mercor spokesperson Heidi Hagberg confirmed to TechCrunch that the company had "moved promptly" to contain and remediate the security incident. "We are conducting a thorough investigation supported by leading third-party forensics experts," said Hagberg. "We will continue to communicate with our customers and contractors directly as appropriate and devote the resources necessary to resolving the matter as soon as possible." Earlier, Lapsus$ claimed responsibility for the apparent data breach on its leak site and shared a sample of data allegedly taken from Mercor, which TechCrunch reviewed. The sample included material referencing Slack data and what appeared to be ticketing data, as well as two videos purportedly showing conversations between Mercor's AI systems and contractors on its platform. Hagberg declined to answer follow-up questions on whether the incident was connected to claims by Lapsus$, or whether any customer or contractor data had been accessed, exfiltrated, or misused. 
The compromise of LiteLLM originally surfaced last week after malicious code was discovered in a package associated with the Y Combinator-backed startup's open-source project. While the malicious code was identified and removed within hours, the incident drew scrutiny due to LiteLLM's widespread use around the internet, with the library downloaded millions of times per day, per security firm Snyk. The incident also prompted LiteLLM to make changes to its compliance processes, including shifting from controversial startup Delve to Vanta for compliance certifications. It remains unclear how many companies were affected by the LiteLLM-related incident or whether any data exposure occurred, as investigations continue.
[2]
Meta Pauses Work With Mercor After Data Breach Puts AI Industry Secrets at Risk
Meta has paused all its work with the data contracting firm Mercor while it investigates a major security breach that impacted the startup, two sources confirmed to WIRED. The pause is indefinite, the sources said. Other major AI labs are also reevaluating their work with Mercor as they assess the scope of the incident, according to people familiar with the matter. Mercor is one of a few firms that OpenAI, Anthropic, and other AI labs rely on to generate training data for their models. The company hires massive networks of human contractors to generate bespoke, proprietary datasets for these labs, which are typically kept highly secret as they're a core ingredient in the recipe to generate valuable AI models that power products like ChatGPT and Claude Code. AI labs are sensitive about this data because it can reveal to competitors -- including other AI labs in America and China -- key details about the ways they train AI models. It's unclear at this time whether the data exposed in Mercor's breach would meaningfully help a competitor. While OpenAI has not stopped its current projects with Mercor, it is investigating the startup's security incident to see how its proprietary training data may have been exposed, a spokesperson for the company confirmed to WIRED. The spokesperson says that the incident in no way affects OpenAI user data, however. Anthropic did not immediately respond to WIRED's request for comment. Mercor confirmed the attack in an email to staff on March 31. "There was a recent security incident that affected our systems along with thousands of other organizations worldwide," the company wrote. A Mercor employee echoed these points in a message to contractors on Thursday, WIRED has learned. Contractors who were staffed on Meta projects cannot log hours until -- and if -- the project resumes, meaning they could functionally be out of work, a source familiar claims. 
The company is working to find additional projects for those impacted, according to internal conversations viewed by WIRED. Mercor contractors were not told exactly why their Meta projects were being paused. In a Slack channel related to the Chordus initiative -- a Meta-specific project to teach AI models to use multiple internet sources to verify their responses to user queries -- a project lead told staff that Mercor was "currently reassessing the project scope." An attacker known as TeamPCP appears to have recently compromised two versions of the AI API tool LiteLLM. The breach exposed companies and services that incorporate LiteLLM and installed the tainted updates. There could be thousands of victims, including other major AI companies, but the breach at Mercor illustrates the sensitivity of the compromised data. Mercor and its competitors -- such as Surge, Handshake, Turing, Labelbox, and Scale AI -- have developed a reputation for being incredibly secretive about the services they offer to major AI labs. It's rare to see the CEOs of these firms speaking publicly about the specific work they offer, and they internally use codenames to describe their projects. Adding to the confusion around the hack, a group going by the well-known Lapsus$ name claimed this week that it had breached Mercor. In a Telegram account and on a BreachForums clone, the actor offered to sell an array of alleged Mercor data, including a 200-plus GB database, nearly 1 TB of source code, and 3 TBs of video and other information. But researchers say that many cybercriminal groups now periodically take up the Lapsus$ name and that Mercor's confirmation of the LiteLLM connection means that the attacker is likely TeamPCP or an actor connected to the group. TeamPCP appears to have compromised the two LiteLLM updates as part of an even larger supply chain hacking spree in recent months that has been gaining momentum, catapulting TeamPCP to prominence. 
And while launching data extortion attacks and working with ransomware groups, such as the group known as Vect, TeamPCP has also strayed into political territory, spreading a data wiping worm known as "CanisterWorm" through vulnerable cloud instances with Farsi as their default language or clocks set to Iran's time zone. "TeamPCP is definitely financially motivated," says Allan Liska, an analyst for the security firm Recorded Future who specializes in ransomware. "There might be some geopolitical stuff as well, but it's hard to determine what's real and what's bluster, especially with a group this new." Looking at the dark web posts of the alleged Mercor data, Liska adds, "There is absolutely nothing that connects this to the original Lapsus$."
[3]
Mercor says it was 'one of thousands' hit in LiteLLM attack
AI hiring startup Mercor confirmed it was "one of thousands of companies" affected by the LiteLLM supply-chain attack as the fallout from the Trivy compromise continues to spread. "We recently identified that we were one of thousands of companies impacted by a supply chain attack involving LiteLLM," Mercor said on social media in a Tuesday post. "Our security team moved promptly to contain and remediate the incident," the statement continued, adding that it's conducting a "thorough investigation" with the help of third-party forensics experts, and will "devote the resources necessary to resolving the matter as soon as possible." The company's admission follows claims by extortion crew Lapsus$, later shared on social media by researcher Dominic Alvieri, that it stole 4 TB, including 939 GB of Mercor source code, plus other data, from the AI recruiting firm, and offered to sell the purloined files to the highest bidder. While Mercor's statement didn't say how Lapsus$ gained access to its company data following the LiteLLM compromise, last week Wiz security researchers told The Register that "high-profile extortion groups like Lapsus$" were now working with the TeamPCP, the crew believed to be responsible for the Trivy, LiteLLM, and other popular open source project supply chain attacks. Mercor did not immediately respond to our inquiries. Following a report that TeamPCP also breached Cisco's internal development environment and stole source code from credentials swiped via the Trivy attack, Cisco told The Register that it is "aware of the Trivy supply-chain issue that is affecting the industry." "We promptly launched an assessment and based on our investigation to date, we have not seen any evidence of impact on our customers, products, or services," a spokesperson told us. 
"We continue to investigate and closely monitor this situation and will follow our well-established procedures for addressing these types of issues and communicating with our customers as appropriate." Cisco twice declined to answer this question: Were any of Cisco's systems accessed by the attackers? TeamPCP compromised Trivy, an open source vulnerability scanner maintained by Aqua Security in late February, and, a month later, injected credential-stealing malware into the scanner. Later in March, the same crew injected the same malware into open source static analysis tool KICS maintained by Checkmarx, and also published malicious versions of LiteLLM and Telnyx to the Python Package Index (PyPI). After all of these attacks, Google-owned cloud security shop Wiz said its researchers "saw indications in Cloud, Code, and Runtime evidence that the credentials and secrets stolen in the supply chain compromises were quickly validated and used to explore victim environments and exfiltrate additional data." So while Mercor is the first downstream company to publicly confirm it was a victim of the compromises, it won't be the last. Threat hunters at vx-underground estimate the data thieves have exfiltrated data and secrets from 500,000 machines, and last week at RSA Conference, Mandiant Consulting CTO Charles Carmakal told reporters that the Google-owned incident response biz knew of "over 1,000 impacted SaaS environments" that were "actively" dealing with the cascading effect of the TeamPCP supply chain attacks. "That 1,000-plus downstream victims will probably expand into another 500, another 1,000, maybe another 10,000," Carmakal said. "And we know that these actors are collaborating with a number of other actors right now."
[4]
Meta freezes AI data work after breach puts training secrets at risk
In short: Meta has suspended its collaboration with Mercor, a $10 billion AI data startup, after a supply chain attack exposed what may be the AI industry's most closely guarded secrets: not just personal data, but the training methodologies that power the world's leading large language models. The breach, carried out via a poisoned version of the LiteLLM open-source library, has triggered investigations at OpenAI and Anthropic, and resulted in a class action lawsuit affecting more than 40,000 people. When hackers poisoned a widely used open-source library last month, they did not just steal personal data. According to reporting by Wired, they may have walked out with the blueprints for how some of the world's most powerful AI models are built. Meta has paused its work with Mercor, a San Francisco-based AI data company that generates bespoke training datasets for the biggest names in artificial intelligence, after a cyberattack exposed sensitive information about how the company, and potentially several of its other clients, actually trains its models. The pause is indefinite, and the incident has sent a ripple of anxiety through an industry that has spent billions developing the proprietary methods it was counting on keeping secret. Mercor is not a household name, but it sits at a critical juncture of the AI economy. Founded in 2023 by Brendan Foody, Adarsh Hiremath, and Surya Midha, three Bay Area high school friends who competed together on the Bellarmine College Preparatory Speech and Debate team, the company recruits networks of human contractors, engineers, lawyers, doctors, bankers, and journalists, to produce high-quality, proprietary training data for AI labs. Its clients have included Meta, OpenAI, Anthropic, and Google. The startup's rise has been extraordinary even by Silicon Valley standards. 
In October 2025, Mercor closed a $350 million Series C round that valued it at $10 billion, minting all three founders as the world's youngest self-made billionaires at the age of 22. By September 2025, the company had reached $500 million in annualised revenue, up from $100 million just six months earlier. Its business model, generating the fine-tuning and reinforcement learning data that AI labs rely on but rarely discuss publicly, made it one of the most valuable private companies in the AI supply chain. That same positioning is now the source of its vulnerability. The attack that reached Mercor originated several steps upstream. According to analysis by Wiz, Snyk, and Datadog Security Labs, a threat actor group known as TeamPCP compromised the CI/CD pipeline of LiteLLM, an open-source Python library used by millions of developers to connect applications to AI services, with 97 million monthly downloads and a presence in an estimated 36% of cloud environments. TeamPCP had earlier used a supply chain attack on Trivy, a widely used security scanner, to obtain credentials belonging to a LiteLLM maintainer. On 27 March 2026, the group used those credentials to publish two malicious versions of the LiteLLM package, 1.82.7 and 1.82.8, directly to PyPI, the Python package repository. The tainted packages were available for roughly 40 minutes before being identified and removed. The payload was sophisticated. Version 1.82.7 embedded base64-encoded malware directly into the library's proxy server code, executing on import. Version 1.82.8 used a malicious path configuration file that triggered automatically on every Python process startup. Both variants were designed to harvest environment variables, API keys, SSH keys, cloud credentials across AWS, Google Cloud, and Azure, Kubernetes configurations, CI/CD secrets, and database credentials, exfiltrating everything to a server at models.litellm[.]cloud. 
Mercor, which confirmed it was "one of thousands of companies" affected by the attack, subsequently found that the breach had exposed approximately four terabytes of data. According to court filings and claims made by the hacking groups involved, the stolen cache includes 939 gigabytes of platform source code, a 211-gigabyte user database, and roughly three terabytes of video interview recordings and identity verification documents. The exposed information may include the full names and Social Security numbers of more than 40,000 current and former Mercor contractors and customers. The personal data exposure would be troubling enough. But what has alarmed Meta and drawn the attention of other AI labs is a different category of information entirely. Because Mercor sits inside the data pipelines of multiple AI companies simultaneously, the breach may have exposed details about data selection criteria, labeling protocols, and training strategies that companies have spent years and billions of dollars developing. Competitors can replicate a dataset; replicating a training methodology is harder, and it represents a genuine competitive moat. The Wired report notes that the scale of that potential exposure has prompted multiple AI labs to investigate what, precisely, may have left their orbit. OpenAI, which also uses Mercor's services, has said it is investigating the incident but has not paused its current projects with the company. Anthropic, which raised $3 billion in early 2026 and has been expanding its research infrastructure aggressively, has not publicly commented on its exposure. Google, which operates competing data vendor relationships of a similar kind, is also understood to be assessing the breach's scope. The incident illustrates a structural risk that the AI industry has rarely had to confront: when multiple competitors rely on the same third-party data supplier, a single breach can expose the competitive secrets of all of them at once. 
The threat group Lapsus$, which has previously been linked to high-profile attacks on major corporations, subsequently claimed responsibility for the Mercor breach and began auctioning the stolen data on dark web forums. Security researchers believe Lapsus$ is acting in collaboration with TeamPCP, which has emerged as a systematic threat across the AI and enterprise software ecosystem. The same group is believed responsible for a wave of supply chain compromises affecting more than 1,000 enterprise SaaS environments via the earlier Trivy attack, including a breach of the European Commission attributed by CERT-EU to the same campaign. On 1 April 2026, plaintiff Lisa Gill, a resident of Wahiawa, Hawaii, filed a class action complaint against Mercor.io Corp. in the US District Court for the Northern District of California. The suit alleges that Mercor failed to maintain adequate cybersecurity protections, leaving more than 40,000 people exposed to identity theft and fraud. The complaint states that the LiteLLM incident on 27 March was the entry point and that Mercor's reliance on a compromised open-source dependency without sufficient monitoring created the conditions for the breach. Meta, meanwhile, has said nothing publicly, a silence that speaks volumes. The company signed a $27 billion AI infrastructure deal with Nebius Group in March 2026 and has forecast capital expenditures of between $115 billion and $135 billion for the year, making its AI training pipeline one of its most strategically sensitive assets. Pausing a data vendor relationship, even an important one, is the kind of decision that gets made only when the risk to proprietary methodology outweighs the operational cost of stopping work. The Mercor breach is, in one sense, a conventional supply chain attack: a threat actor found a weak link in an open-source dependency and exploited it for credential theft and data exfiltration. In another sense, it is something newer and more unsettling. 
The AI industry has built its most valuable intellectual property on top of an interconnected web of data vendors, open-source tools, and shared infrastructure, and that web now constitutes an attack surface that no single company fully controls. Security companies have been warning about precisely this dynamic. Aikido Security, which reached unicorn status in January 2026, built its business on the premise that open-source dependency risk had become existential for enterprise software. The Mercor incident suggests the same logic applies, perhaps more acutely, to the AI training pipeline. For the three young founders who built one of the fastest-growing companies in tech, the coming months will test whether Mercor's extraordinary momentum can survive a breach that exposed not just its users' data, but its clients' most carefully guarded secrets. The AI industry's breakneck 2025 was built on the assumption that the infrastructure underpinning it was secure enough to trust. That assumption is now under review.
[5]
Mercor, a $10 billion AI startup, confirms it was caught up in a major security incident | Fortune
Mercor, a startup that provides training data to major AI companies, confirmed that it was the victim of a security breach that may have exposed sensitive company and user data. The three-year-old startup, which is valued at $10 billion, recruits experts in fields ranging from medicine to law to literature, to help provide data that improves the capabilities of AI models. Its customers include Anthropic, OpenAI, and Meta. According to unconfirmed reports circulating online, datasets used by some of Mercor's customers and information about those customers' secretive AI projects may have been compromised in the breach. The incident was linked to a supply chain attack involving LiteLLM, a widely used open-source library for connecting applications to AI services. The company confirmed to Fortune it was "one of thousands of companies" affected by the supply chain attack on LiteLLM, which has been linked to a hacking group called TeamPCP. Mercor spokesperson Heidi Hagberg said that the company had "moved promptly" to contain and remediate the incident and said a third-party forensics investigation was underway. "The privacy and security of our customers and contractors is foundational to everything we do at Mercor," Hagberg said. "We will continue to communicate with our customers and contractors directly as appropriate and devote the resources necessary to resolving the matter as soon as possible." Mercor is widely considered one of Silicon Valley's hottest startups, having raised $350 million in a Series C round led by venture capital firm Felicis Ventures last October. The TeamPCP hacking group planted malicious code inside LiteLLM, a tool used by developers to plug their applications into AI services from companies including OpenAI and Anthropic, that is typically downloaded millions of times per day, according to security firm Snyk. 
The code was designed to harvest credentials and spread widely across the industry before it was identified and removed within hours of discovery. Lapsus$, a notorious extortion hacking gang, later claimed it had targeted Mercor and accessed its data. It's not immediately clear how the gang obtained the data, and Mercor did not respond to specific questions from Fortune about the hacking group's claims. TeamPCP is thought to have recently begun collaborating with Lapsus$ as well as other groups that specialize in ransomware and extortion, according to security researchers from the cybersecurity firm Wiz quoted in a story in Infosecurity Magazine. TeamPCP is known for engineering so-called "supply chain attacks," in which malware is planted inside code bases or software libraries that are widely used by programmers when writing their own code. Lapsus$, by contrast, is an older hacking group, known for social engineering and phishing attacks that focus on stealing user login credentials and then using those credentials to gain access to and steal sensitive data. Lapsus$ has published samples of allegedly stolen data on its leak site, according to TechCrunch, including what appeared to be Slack data, internal ticketing information, and two videos purportedly showing conversations between Mercor's AI systems and contractors on its platform. Lapsus$ claims to have obtained as much as four terabytes of data in total, including source code and database records. A single terabyte is approximately as much data as in 1,000 hours of video or 1,000 copies of the Encyclopedia Britannica. Mercor may be an early indicator of a coming wave of extortion attempts stemming from the supply chain attack. TeamPCP has publicly stated its intention to partner with ransomware and extortion groups to target affected companies at scale, according to cybersecurity trade publication Cybernews. If true, that strategy would mirror campaigns carried out in the past by hacking groups. 
In 2023, an attack from the Cl0p ransomware gang that exploited a vulnerability in MOVEit, a widely used file transfer tool, breached hundreds of organizations simultaneously, ultimately affecting nearly 100 million individuals across government agencies, financial institutions, and healthcare providers. Extortion attempts from that campaign dragged on for months.
[6]
Meta Said to Pause Work With Mercor Following Data Breach Incident
The incident reportedly involved the open-source project LiteLLM
Meta has reportedly paused all work with artificial intelligence (AI) recruitment company Mercor after the company was hit by a cyberattack last week. As per the report, the Menlo Park-based tech giant was among the biggest clients of the startup that hires subject matter experts to validate and run quality analysis on large language models' output. The cyberattack suffered by Mercor allegedly resulted in a large-scale data breach, and a group claimed to have stolen hundreds of gigabytes of data from the company. Mercor is currently investigating the incident.
Meta Reportedly Pauses Work With Mercor
According to a Wired report, the tech giant has decided to pause all work with Mercor after the security incident. Citing two unnamed sources familiar with the matter, the publication claimed that the pause is indefinite, and other major AI companies are also reevaluating their work with the AI recruitment firm after the cyberattack. Mercor, founded in 2023, is an AI recruitment company that hires domain experts. The company has partnered with several AI companies, such as Anthropic and OpenAI, and runs quality checks on the responses generated by their LLMs. Most AI companies outsource such work to both validate the performance of their AI models and to help improve their responses. The startup raised $350 million (roughly Rs. 3,257 crore) in its Series C funding round in October 2025, at a valuation of $10 billion (roughly Rs. 93,067 crore). In a statement, the company said that it had identified that it was one of the many companies impacted by a supply chain attack that involved LiteLLM. "We are conducting a thorough investigation supported by leading third-party forensics experts. We will continue to communicate with our customers and contractors directly as appropriate and devote the resources necessary to resolving the matter as soon as possible," it added. 
Meanwhile, cybercrime tracker Dark Web Informer shared a screenshot of the home page of the LAPSUS$ Group, highlighting that the cyberattackers took responsibility for the attack. The group allegedly claimed that it had stolen nearly 4TB of data, which includes 211GB of database, 939GB of source code, and 3TB of bucket data. It is allegedly now auctioning the data. The validity of the claims could not be verified.
[7]
AI recruiting startup Mercor hit by cyberattack; Meta halts collaboration
As per media reports, Mercor was among thousands of firms affected by the compromise of LiteLLM. Even as Mercor has claimed that the malicious code was detected and removed, the breach drew attention because LiteLLM is widely used. LiteLLM has since strengthened its compliance measures, switching from the controversy-hit compliance startup Delve to Vanta for certifications. A few days ago, artificial intelligence (AI) recruiting startup Mercor confirmed it was hit by a security incident linked to the open-source tool LiteLLM. Media reports indicate Mercor was among thousands of firms affected by the compromise of LiteLLM, attributed to a hacking group called TeamPCP. The extortion group Lapsus$ has claimed responsibility, publishing stolen data samples on its leak site, according to TechCrunch. These included Slack messages, internal ticket records, and two videos showing Mercor's AI interacting with contractors. However, it remains unclear how Lapsus$ obtained Mercor's data during the attack. Mercor said the malicious code was swiftly detected and removed. Nevertheless, the breach drew attention because LiteLLM is widely used, with millions of daily downloads, said TechCrunch, citing security firm Snyk. LiteLLM has since strengthened its compliance measures, switching from the now-controversial compliance startup Delve to Vanta for certifications. Founded in 2023, Mercor connects companies, including OpenAI, Meta, and Anthropic, with domain experts such as scientists, doctors, and lawyers, primarily from India. The platform processes more than $2 million in daily payouts. Mercor was valued at $10 billion after a $350 million Series C round led by Felicis Ventures in October last year. Following the breach, Meta has paused its work with Mercor and is investigating, with no timeline for resuming collaboration, according to Wired. Other AI firms are reviewing their engagements while the scope of the incident is assessed. 
"Our security team moved promptly to contain and remediate the incident," Mercor said, as quoted by Business Insider. "We are conducting a thorough investigation supported by leading third-party forensic experts." Security analysts warn Mercor may be an early target in a wave of extortion attempts stemming from the LiteLLM compromise. TeamPCP has said it plans to collaborate with ransomware groups to target affected companies more broadly, according to cybersecurity trade publication Cybernews. If implemented, this would follow patterns seen in prior large-scale cyberattacks.
[8]
Meta Halts Work With Mercor After Major Breach, While ChatGPT-Parent OpenAI Investigates Incident: Report
Meta Platforms, Inc. (NASDAQ:META) has reportedly paused its work with data contractor Mercor following a major security breach.
Meta Freezes Mercor Work Amid Security Concerns
The suspension is indefinite, with sources indicating other AI labs are also reevaluating ties with Mercor, Wired reported last week, citing two sources. Mercor plays a critical role in building custom datasets used to train advanced AI systems. Meta did not immediately respond to Benzinga's request for comments.
OpenAI Investigates, Says User Data Not Impacted
OpenAI, the parent of ChatGPT, has not halted its projects with Mercor but is investigating the incident. A spokesperson told the publication that the breach in no way affects OpenAI user data, though the company is reviewing whether its proprietary datasets were exposed. OpenAI and Anthropic did not immediately respond to requests for comment.
Supply Chain Hack Linked To LiteLLM Compromise
The breach appears tied to a compromise of LiteLLM, a widely used AI integration tool. Cybercriminal group TeamPCP is believed to be behind the attack, which may have impacted thousands of organizations in a broader supply chain campaign. In an email to staff on March 31, Mercor said, "There was a recent security incident that affected our systems along with thousands of other organizations worldwide."
Confusion Over Hacker Claims, Worker Impact Emerges
A group using the name Lapsus$ also claimed responsibility, though researchers dispute the link, the report said. However, researchers note that multiple cybercriminal groups now intermittently adopt the Lapsus$ name. They said Mercor's confirmation of a LiteLLM link suggests the breach was likely carried out by TeamPCP or an affiliated actor. Mercor did not immediately respond to Benzinga's request for comments.
Price Action: META shares closed at $574.46 on Thursday, down 0.82%, according to Benzinga Pro. 
Benzinga Edge Stock Rankings show Meta remains in a downtrend across short, medium and long-term time frames, despite placing in the 90th percentile for Quality. Disclaimer: This content was partially produced with the help of AI tools and was reviewed and published by Benzinga editors.
The $10 billion AI recruiting startup Mercor has confirmed it was compromised through a supply chain attack targeting the open-source LiteLLM library. Meta has indefinitely paused all work with the company, while OpenAI and Anthropic investigate potential exposure of their proprietary AI training methodologies. The breach, linked to hacking group TeamPCP and later claimed by Lapsus$, may have exposed up to four terabytes of sensitive data including training protocols that AI labs have spent billions developing.
Mercor, the $10 billion AI recruiting startup, has confirmed it was "one of thousands of companies" affected by a security breach tied to a supply chain attack on the open-source library LiteLLM [1]. The company, which generates AI training data for major tech firms including Meta, OpenAI, and Anthropic, disclosed the incident on March 31 after extortion hacking group Lapsus$ claimed responsibility for stealing approximately four terabytes of data from the startup [2]. Mercor spokesperson Heidi Hagberg stated the company had "moved promptly" to contain and remediate the security incident, with a thorough forensics investigation now underway supported by third-party experts [5].
Founded in 2023 by three former high school debate teammates, Mercor facilitates more than $2 million in daily payouts and reached $500 million in annualized revenue by September 2025, up from $100 million just six months earlier [4]. The company closed a $350 million Series C round led by Felicis Ventures in October 2025, valuing it at $10 billion and making its founders the world's youngest self-made billionaires at age 22 [1].
The breach originated from a sophisticated attack by hacking group TeamPCP, which compromised the CI/CD pipeline of LiteLLM, a Y Combinator-backed open-source library downloaded millions of times per day according to security firm Snyk [1]. On March 27, 2026, TeamPCP published two malicious versions of the LiteLLM package—1.82.7 and 1.82.8—directly to PyPI, the Python package repository [4]. The tainted packages remained available for approximately 40 minutes before being identified and removed.
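A check a defender could run over dependency files for the two releases named above, as an added example (not code from LiteLLM, PyPI or any of the cited sources). It also flags unpinned ranges that admit 1.82.7 or 1.82.8, since an install resolved while those releases were on PyPI could have picked them up; the function names and sample inputs are constructed for illustration.

```python
import re
# The two releases the article names as malicious.
AFFECTED = ("1.82.7", "1.82.8")
PACKAGE = "litellm"
_REQ = re.compile(r"^([A-Za-z0-9][A-Za-z0-9._-]*)\s*(?:\[[^\]]*\])?\s*([^;]*)")
_SPEC = re.compile(r"(===|==|~=|!=|<=|>=|<|>)\s*([0-9][0-9A-Za-z.*+!-]*)")
_LOCK = re.compile(r'name\s*=\s*"([^"]+)"\s*\n\s*version\s*=\s*"([^"]+)"')

def _norm(name):  # PEP 503: "LiteLLM" and "litellm" are the same project
    return re.sub(r"[-_.]+", "-", name).lower()

def _key(version):  # numeric release segment only (simplified PEP 440)
    return tuple(int(p) for p in re.match(r"\d+(?:\.\d+)*", version).group().split("."))

def _allows(op, spec, version):
    v, s = _key(version), _key(spec)
    if op in ("==", "==="):
        return v[:len(s)] == s if spec.endswith(".*") else v == s
    if op == "!=":
        return not _allows("==", spec, version)
    if op == "~=":
        return v >= s and v[:len(s) - 1] == s[:-1]
    return {">=": v >= s, "<=": v <= s, ">": v > s, "<": v < s}[op]

def scan_requirements(text):
    """Return [(line_no, "PINNED" | "RANGE", affected versions admitted)]."""
    findings = []
    for n, raw in enumerate(text.splitlines(), 1):
        m = _REQ.match(raw.split("#", 1)[0].strip())
        if not m or _norm(m.group(1)) != PACKAGE:
            continue
        specs = _SPEC.findall(m.group(2))
        hits = [a for a in AFFECTED if all(_allows(op, s, a) for op, s in specs)]
        if hits:  # a bare "litellm" with no specifier also lands here
            exact = any(op in ("==", "===") and "*" not in s for op, s in specs)
            findings.append((n, "PINNED" if exact else "RANGE", hits))
    return findings

def scan_lock(text):  # poetry.lock / uv.lock style name+version pairs
    return sorted({v for name, v in _LOCK.findall(text)
                   if _norm(name) == PACKAGE and v in AFFECTED})

# Constructed sample inputs, not taken from any real project.
SAMPLE_REQS = """LiteLLM[proxy]==1.82.8  # exact pin on an affected release
litellm>=1.80,<1.83; python_version >= "3.9"
litellm==1.82.6
litellm!=1.82.7,!=1.82.8"""
SAMPLE_LOCK = '[[package]]\nname = "litellm"\nversion = "1.82.7"\n'
if __name__ == "__main__":
    print(scan_requirements(SAMPLE_REQS), scan_lock(SAMPLE_LOCK))
```

A RANGE finding only means the specifier would have admitted an affected release, so the version actually installed in that environment still has to be checked.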
The payload was designed to harvest environment variables, API keys, SSH keys, cloud credentials across AWS, Google Cloud, and Azure, Kubernetes configurations, CI/CD secrets, and database credentials [4]. TeamPCP had previously compromised Trivy, a widely used vulnerability scanner, to obtain credentials belonging to a LiteLLM maintainer, which they then used to execute the attack [4]. This represents part of a larger supply chain hacking spree by TeamPCP that has gained momentum in recent months, with the group also targeting Checkmarx's KICS tool and reportedly breaching Cisco's internal development environment [3].
Meta has indefinitely paused all work with Mercor while investigating the breach, two sources confirmed to WIRED [2]. Contractors staffed on Meta projects, including the Chordus initiative designed to teach AI models to use multiple internet sources to verify responses, cannot log hours until the project resumes, effectively leaving them without work [2]. OpenAI confirmed it is investigating how its proprietary AI training methodologies may have been exposed, though the company stated the incident does not affect OpenAI user data [2].
What makes this breach particularly alarming for AI labs is not just the personal data exposure affecting more than 40,000 contractors and customers, but the potential compromise of proprietary training protocols [4]. Because Mercor sits inside the data pipelines of multiple AI companies simultaneously, the breach may have exposed details about data selection criteria, labeling protocols, and training strategies that companies have spent billions developing. These AI industry secrets represent genuine competitive advantages that labs like Meta, OpenAI, and Anthropic have worked to keep confidential, as they reveal key details about how they train models powering products like ChatGPT and Claude [2].
Lapsus$ claimed on its leak site to have obtained four terabytes of data, including 939 gigabytes of source code, a 211-gigabyte user database, and approximately three terabytes of video interview recordings and identity verification documents [4]. The group shared samples allegedly taken from Mercor that included Slack data, ticketing information, and two videos purportedly showing conversations between Mercor's AI systems and contractors on its platform [1]. However, security researchers note that many cybercriminal groups now periodically adopt the Lapsus$ name, and Mercor's confirmation of the LiteLLM connection suggests the actual attacker is likely TeamPCP or an actor connected to that group [2].
According to Allan Liska, an analyst at security firm Recorded Future who specializes in ransomware, "TeamPCP is definitely financially motivated. There might be some geopolitical stuff as well, but it's hard to determine what's real and what's bluster, especially with a group this new" [2]. Wiz researchers indicated they "saw indications in Cloud, Code, and Runtime evidence that the credentials and secrets stolen in the supply chain compromises were quickly validated and used to explore victim environments and exfiltrate additional data" [3].
Mercor may be merely the first downstream company to publicly confirm victimization, but it won't be the last [3]. Threat hunters at vx-underground estimate the data thieves have exfiltrated sensitive data and secrets from 500,000 machines [3]. At RSA Conference last week, Mandiant Consulting CTO Charles Carmakal told reporters that Google-owned Mandiant knew of "over 1,000 impacted SaaS environments" actively dealing with the cascading effects of TeamPCP supply chain attacks. "That 1,000-plus downstream victims will probably expand into another 500, another 1,000, maybe another 10,000," Carmakal said, adding that "these actors are collaborating with a number of other actors right now" [3].
TeamPCP has publicly stated its intention to partner with ransomware and extortion groups to target affected companies at scale, a strategy that mirrors campaigns like the 2023 Cl0p ransomware gang attack exploiting MOVEit vulnerabilities, which ultimately affected nearly 100 million individuals across government agencies, financial institutions, and healthcare providers [5]. The incident has prompted LiteLLM to make changes to its compliance processes, including shifting from controversial startup Delve to Vanta for compliance certifications [1]. With LiteLLM present in an estimated 36% of cloud environments and serving 97 million monthly downloads, the vulnerability exposed a critical weakness in the AI supply chain that companies across the industry must now address [4].
Summarized by Navi