Meta Pauses Mercor Work After AI Data Breach
AI recruiting startup Mercor, valued at $10 billion, has confirmed a significant cyberattack, and Meta has suspended all collaboration with it indefinitely. The breach, traced to malicious versions of an open-source library, exposed sensitive AI training data and contractor information; the underlying supply chain attack affected thousands of organizations, and many of the contractors whose data was exposed are based in India.
Key Highlights
- Meta indefinitely suspended all projects with AI recruiting startup Mercor.
- Mercor, valued at $10 billion, confirmed a major supply chain cyberattack.
- Breach stemmed from malicious package versions published to the widely used open-source LiteLLM project.
- Sensitive data exfiltrated includes AI training methodologies and contractor information.
- The underlying LiteLLM compromise impacted thousands of organizations; the Mercor exposure is especially relevant to contractors in India.
- TeamPCP is linked to the LiteLLM compromise; Lapsus$ has claimed the theft of Mercor's data.
Meta has indefinitely suspended all collaboration with Mercor, a prominent AI recruiting startup valued at $10 billion, following a major security breach that Mercor itself has confirmed. The decision by Meta, a key Mercor client, underscores how serious the attack is for the wider artificial intelligence industry.
The incident originated in a supply chain attack on LiteLLM, a widely used open-source Python library that gives applications a single interface for calling many AI model providers. A library in that position typically holds provider API keys and sits in the request path of every model call, which makes its compromise a high-leverage attack vector. Security researchers attribute the initial compromise to the hacking group TeamPCP, which reportedly used compromised maintainer credentials to publish malicious versions of the package; any environment that installed those versions while they were available would have run the injected code, and unpinned installs pull the latest release by default. The extortion group Lapsus$ subsequently claimed responsibility for exfiltrating a substantial amount of data from Mercor and posted samples of the allegedly stolen information on its leak site.
The compromised data is extensive and highly sensitive. Reports indicate the stolen cache includes Slack communications, internal ticketing data, and videos purportedly showing interactions between Mercor's AI systems and platform contractors. More critically, the attackers claim to hold roughly four terabytes of Mercor data: 939 gigabytes of platform source code, a 211-gigabyte user database, and about three terabytes of video interview recordings and identity verification documents. The identity documents in particular create fraud and impersonation risk for the contractors whose records were taken, and the source code and internal communications raise serious concern about leakage of proprietary AI training methodologies, and even 'AI industry secrets', that companies such as Meta, OpenAI, and Anthropic have spent billions developing.
Mercor confirmed that it was one of thousands of organizations impacted by the LiteLLM supply chain attack. The company, founded in 2023, rapidly grew to a $10 billion valuation after a $350 million Series C funding round in October 2025. It plays a crucial role in the AI ecosystem by connecting specialized domain experts—including scientists, doctors, and lawyers—with AI labs requiring high-quality training data and model validation. This service involves processing over $2 million in daily payouts to more than 30,000 contractors globally.
Notably, a significant portion of Mercor's contractor network is based in India, so the breach has substantial relevance for an Indian audience: the exposed information may include professional credentials, payment details, and personally identifiable information of Indian contractors. The situation has already affected contractors working on Meta-related projects, who report being unable to log their work hours, leaving some without work. The breach has also led to a class-action lawsuit covering more than 40,000 current and former Mercor contractors and customers.
In response to the incident, Mercor stated that its security team moved promptly to contain and remediate the breach and is conducting a thorough investigation supported by leading third-party forensic experts. However, Meta's indefinite suspension of work signals heightened scrutiny within the AI industry regarding third-party vendor security. Other major AI labs, including OpenAI and Anthropic, which also utilize Mercor's services, are reportedly reassessing their relationships and investigating their potential exposure to the breach. Google is also understood to be assessing the breach's scope.
The incident highlights systemic weaknesses in modern software ecosystems and the risk of depending on open-source infrastructure in core business operations, particularly in the rapidly evolving AI sector. Because a handful of shared components sit inside thousands of deployments, a single compromise can cascade across an entire industry. It has prompted calls for more robust vendor risk management, security audits of third-party libraries, and stricter controls over components with production access: in practice, pinning and hash-verifying dependencies rather than installing whatever is latest, limiting which credentials and network destinations a library can reach, and treating a vendor's own dependency hygiene as part of the vendor assessment. The near-term effect may be slower development cycles, but the longer-term effect is likely to be significant investment in supply chain security tooling and practice across the AI industry.
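The attack described above worked because a package index serves whatever version a maintainer account publishes, and an unpinned install accepts it. The following is an added example, not code from Mercor, LiteLLM, or any party named on this page. It shows the check that pip's --require-hashes mode enforces: every requirement must be pinned to an exact version with at least one sha256 hash, and a downloaded artifact whose digest is not in the pinned set is rejected instead of installed. The package name, versions, and file contents are constructed for the demonstration.

```python
"""Verify downloaded Python package artifacts against a hash-pinned lockfile.

Added example (not Mercor's or LiteLLM's code). It mirrors what
`pip install --require-hashes -r requirements.txt` enforces: every
requirement must be an exact == pin carrying at least one --hash=sha256:...
entry, and an artifact whose digest is not on that list is rejected.
Package names, versions and file contents below are constructed for the demo.
"""
import hashlib
import os
import re
import tempfile

REQ_LINE = re.compile(r"^\s*([A-Za-z0-9_.-]+)==([^\s\\]+)")
HASH_OPT = re.compile(r"--hash=sha256:([0-9a-f]{64})")


def parse_lockfile(text):
    """Return {name: {"version": v, "hashes": {sha256, ...}}}.

    Raises ValueError on any line that is not an exact pin or has no hash,
    because such a line would let the resolver pick an arbitrary release.
    """
    reqs = {}
    # Join backslash-continued lines the way pip does before parsing.
    for raw in text.replace("\\\n", " ").splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        m = REQ_LINE.match(line)
        if not m:
            raise ValueError("not an exact pin: %r" % line)
        hashes = set(HASH_OPT.findall(line))
        if not hashes:
            raise ValueError("no --hash for %s (would install unverified)" % m.group(1))
        reqs[m.group(1).lower()] = {"version": m.group(2), "hashes": hashes}
    return reqs


def sha256_file(path):
    """Stream a file through SHA-256 and return the hex digest."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def verify_artifact(name, path, reqs):
    """Return (ok, reason) for one downloaded wheel or sdist."""
    pin = reqs.get(name.lower())
    if pin is None:
        return False, "not in lockfile"
    digest = sha256_file(path)
    if digest in pin["hashes"]:
        return True, "sha256 matches pin"
    return False, "sha256 %s... not in pinned set (tampered or unexpected release)" % digest[:12]


def demo():
    """Check two constructed artifacts for the same version string.

    'legit' is the bytes the lockfile was generated from; 'republished' has
    the same version but different contents, as a re-uploaded release would.
    """
    good = b"PK\x03\x04 constructed wheel contents for demo-client 1.0.0"
    bad = b"PK\x03\x04 same version string, different bytes: payload added"
    lock = "demo-client==1.0.0 \\\n    --hash=sha256:%s\n" % hashlib.sha256(good).hexdigest()
    reqs = parse_lockfile(lock)
    results = {}
    with tempfile.TemporaryDirectory() as d:
        for label, blob in (("legit", good), ("republished", bad)):
            p = os.path.join(d, "demo_client-1.0.0-%s.whl" % label)
            with open(p, "wb") as f:
                f.write(blob)
            results[label] = verify_artifact("demo-client", p, reqs)
    return results


if __name__ == "__main__":
    for label, (ok, why) in demo().items():
        print("%-12s %s  %s" % (label, "OK    " if ok else "REJECT", why))
```

The caveat a practitioner should keep in mind: hash pinning only protects an environment whose lockfile was generated from a known-good release. If the pinned version is itself the malicious one, the hashes will match and the check passes, so pins still need to be reviewed against advisories when a compromise like this is disclosed.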
Frequently Asked Questions
What is Mercor and why is Meta pausing work with it?
Mercor is a $10 billion AI recruiting startup that connects domain experts with AI companies to train their models. Meta paused its collaboration due to a significant cyberattack on Mercor, which may have exposed sensitive AI training data and contractor information.
What caused the Mercor data breach?
The breach at Mercor was a supply chain attack in which malicious versions of LiteLLM, a widely used open-source Python library for AI developers, were published using compromised maintainer credentials. The hacking group TeamPCP is linked to the LiteLLM compromise, and Lapsus$ has claimed responsibility for exfiltrating Mercor's data.
What kind of data was stolen in the Mercor hack?
The stolen data reportedly includes Slack communications, internal ticketing data, videos of AI-contractor interactions, Mercor's platform source code, a user database, VPN account information, video interview recordings and identity verification documents, and potentially sensitive AI training methodologies and contractor details, including professional credentials and payment information.
How does this breach affect India?
A significant share of Mercor's domain-expert network is based in India, so the breach directly affects a large number of Indian contractors whose personal and professional data may have been exposed. Contractors working on Meta-related projects have already reported disruptions to their work.
What are the broader implications for the AI industry?
The incident highlights critical vulnerabilities in the AI supply chain and the risks associated with relying on open-source tools. It will likely lead to increased scrutiny of third-party vendor security, more robust risk management, and potentially accelerate investments in cybersecurity practices across the AI industry to protect sensitive training data and methodologies.