Home / Technology
Meta suspends partnership with Mercor following massive AI data breach
Security experts link the Mercor breach to a supply chain attack on LiteLLM
Meta has indefinitely suspended its partnership with the $10 billion data contracting startup Mercor following a significant security breach that has sent shockwaves through the artificial intelligence industry.
The decision comes after Mercor revealed it was one of thousands of organisations impacted by a sophisticated supply chain attack.
The breach has prompted major AI labs, including OpenAI and Anthropic, to urgently evaluate the potential exposure of their highly confidential training methodologies and proprietary datasets.
The cyberattack has been traced back to compromised updates of an open-source AI tool called LiteLLM, which was reportedly infected with malicious code by a hacking collective known as TeamPCP.
While Mercor stated it moved quickly to contain the incident with third-party forensic experts, the breach reportedly allowed for the exfiltration of sensitive internal communications and data selection criteria.
OpenAI has clarified that while it is investigating the matter, no user data was compromised; however, the "human touch" of the situation is being felt by hundreds of contractors.
Those staffed on Meta-related projects currently find themselves unable to log billable hours as systems remain offline.
Mercor plays a pivotal role in the AI ecosystem by leveraging a vast network of human experts to generate high-quality training data.
This data is considered essential intellectual property, as it reveals the specific strategies used to refine advanced algorithms.
Security researchers warn that the stolen information could provide competitors with deep insights into the training protocols that firms have spent billions of pounds developing over several years.
As the investigation continues, the hacking group Lapsus$ has also claimed to have obtained up to 4TB of data from Mercor's systems.
The incident underscores a critical vulnerability in the AI supply chain, highlighting how a single compromised vendor can jeopardise the security of the world's most prominent technology companies.
