Meta Halts Collaboration with Mercor Following Data Breach Threatening AI Industry Confidentiality

Meta has halted all collaborations with the data contracting firm Mercor amid an investigation into a significant security breach that affected the startup, according to two sources who spoke to WIRED. The halt is indefinite, the sources noted. Other leading AI laboratories are also reassessing their partnerships with Mercor as they evaluate the extent of the breach, according to insiders.

Mercor is one of the few companies that OpenAI, Anthropic, and other AI labs depend on for generating training data for their models. The firm employs extensive networks of human contractors to create custom, proprietary datasets for these labs, which are generally kept confidential as they are essential for producing valuable AI models that drive products like ChatGPT and Claude Code. AI labs are particularly protective of this data due to the risk of revealing critical information about their training methods to competitors, including other AI labs in the US and China. It remains unclear whether the data compromised in Mercor’s breach would significantly benefit a competitor.

While OpenAI has not yet suspended its ongoing projects with Mercor, it is investigating the startup’s security situation to determine how its proprietary training data might have been compromised, a spokesperson for the company confirmed to WIRED. The spokesperson stated that this incident has no impact on OpenAI user data. Anthropic did not respond immediately to WIRED’s request for a comment.

Mercor acknowledged the breach in an email to its employees on March 31. “There was a recent security incident that affected our systems along with thousands of other organizations globally,” the company communicated.

A Mercor employee reiterated these points in a message to contractors on Thursday, as reported by WIRED. Contractors assigned to Meta projects are currently unable to log hours until—or if—the project resumes, leaving them effectively without work, a source close to the situation claims. The company is seeking additional assignments for those affected, according to internal discussions reviewed by WIRED.

Contractors at Mercor were not explicitly informed about the reasons for the pause on their Meta projects. In a Slack channel related to the Chordus initiative—a Meta-specific project aimed at teaching AI models to utilize multiple internet sources to verify user query responses—a project lead informed team members that Mercor was “currently reassessing the project scope.”

An attacker known as TeamPCP has reportedly compromised two versions of the AI API tool LiteLLM. This breach exposed various companies and services that use LiteLLM and installed the affected updates. The number of victims could be in the thousands, including other major AI firms, highlighting the sensitivity of the compromised data.

Mercor and its competitors—like Surge, Handshake, Turing, Labelbox, and Scale AI—are known for being extremely secretive about the services they provide to significant AI labs. Public appearances by the CEOs of these firms discussing specific projects are rare, and they often use codenames internally to refer to their efforts.

Further complicating the situation, a group that goes by the well-known name Lapsus$ claimed this week to have breached Mercor. On a Telegram channel and a BreachForums clone, the actor offered to sell a variety of purported Mercor data, including a database of over 200 GB, nearly 1 TB of source code, and 3 TB of videos and other materials. However, researchers indicate that many cybercriminal organizations periodically adopt the Lapsus$ moniker, and Mercor’s confirmation of the LiteLLM connection suggests that the attacker is likely TeamPCP or someone associated with that group.

TeamPCP seems to have compromised the two LiteLLM updates as part of a larger trend of supply chain hacking that has gained momentum in recent months, raising TeamPCP’s profile. In addition to orchestrating data extortion attacks and collaborating with ransomware groups such as Vect, TeamPCP has also ventured into political tactics, deploying a data-wiping worm called “CanisterWorm” through vulnerable cloud instances defaulting to Farsi or operating on Iran’s time zone.

“TeamPCP is undoubtedly driven by financial motives,” says Allan Liska, an analyst from the security firm Recorded Future specializing in ransomware. “There may be some geopolitical elements involved, but it’s challenging to distinguish reality from theatrics, particularly with a group this new.”

Examining the dark-web posts containing the alleged Mercor data, Liska notes, “There is absolutely nothing linking this to the original Lapsus$.”