Mercor is temporarily suspended after a data breach put AI industry secrets at risk

✨ Check out this insightful post from WIRED 📖

📂 **Category**: Business,Security,Business / Artificial Intelligence,Business / Startups,Security / Cyberattacks and Hacks,Security / Security News,Supply Chains


Meta has paused all of its work with data contracting firm Mercor while it investigates a major security breach affecting the startup, two sources confirmed to WIRED. The sources said that the suspension is indefinite. Other major AI labs are also reevaluating their work with Mercor as they assess the scope of the incident, according to people familiar with the matter.

Mercor is one of the few companies that OpenAI, Anthropic, and other AI labs rely on to generate training data for their models. The company hires huge networks of human contractors to create private, custom data sets for these labs, which are usually kept top secret because they are a key ingredient in the recipe for creating valuable AI models that power products like ChatGPT and Claude Code. AI labs are sensitive about this data because it could reveal to competitors — including other AI labs in the U.S. and China — key details about the ways they train AI models. It is unclear at this time whether the data exposed in the Mercor hack will meaningfully help a competitor.

Although OpenAI has not halted its current projects with Mercor, it is investigating the startup’s security incident to find out how its training data was exposed, a company spokesperson confirmed to WIRED. The spokesperson says the incident in no way affects OpenAI user data. Anthropic did not immediately respond to WIRED’s request for comment.

Mercor confirmed the attack in an email to employees on March 31. “There was a recent security incident that affected our systems as well as thousands of other organizations around the world,” the company wrote.

A Mercor employee echoed those points in a letter to contractors on Thursday, WIRED has learned. Contractors employed on Meta projects cannot log working hours until – and if – the project resumes, meaning they could be functionally out of work, a source familiar with the matter claims. The company is working to find additional projects for those affected, according to internal conversations reviewed by WIRED.

Mercor contractors were not told specifically why their descriptive projects were being paused. In a Slack channel related to the Chordus initiative — a Meta-specific project to teach AI models to use multiple Internet sources to verify their responses to user queries — the project lead told employees that Mercor is “currently re-evaluating the scope of the project.”

It appears that an attacker known as TeamPCP recently compromised two versions of the AI API tool LiteLLM. The breach exposed companies and services that included LiteLLM and installed the tainted updates. There may be thousands of victims, including other major AI companies, but the Mercor hack demonstrates the sensitivity of the compromised data.

Mercor and its competitors — such as Surge, Handshake, Turing, Labelbox, and Scale AI — have gained a reputation for being incredibly secretive about the services they provide to major AI labs. It is rare to see the CEOs of these companies talk publicly about the specific work they provide, and internally they use code names to describe their projects.

Adding to the confusion over the hack, a group using the better-known name Lapsus$ claimed this week to have hacked Mercor. On a Telegram account and on a BreachForums clone, the actor offered to sell a trove of alleged Mercor data, including a database of more than 200 gigabytes, nearly 1 terabyte of source code, 3 terabytes of video and other information. But researchers say several cybercriminal groups now regularly use the name Lapsus$ and that Mercor’s confirmation of the LiteLLM connection means the attacker is most likely TeamPCP or a representative connected to the group.

TeamPCP appears to have compromised two LiteLLM updates as part of a larger supply chain hack wave in recent months that has been gaining momentum, pushing TeamPCP to the forefront. While launching data extortion attacks and working with ransomware groups, like the one known as Vect, TeamPCP also veered into political territory, deploying a data-wiping worm known as “CanisterWorm” through vulnerable cloud instances with Persian as the default language or clocks set to the Iran time zone.

“TeamPCP’s motives are almost certainly financial,” says Allan Liska, an analyst at security firm Recorded Future who specializes in ransomware. “There may be some geopolitical issues as well, but it’s hard to determine what’s real and what’s a threat, especially with a new group like this.”

Looking at dark web posts of alleged Mercor data, Liska adds: “There is absolutely nothing linking this to the original Lapsus$.”


🕒 **Posted on**: 1775274933
