Meta has suspended all work with data outsourcing company Mercor while it investigates a major security breach that affected the startup, two sources confirmed to WIRED. The pause is indefinite, the sources said. Other large AI laboratories are also reevaluating their work with Mercor as they assess the scope of the incident, according to people familiar with the matter.
Mercor is one of the few companies to OpenAI, Anthropicand other AI labs rely on them to generate training data for their models. The company leverages massive networks of human contractors to generate proprietary datasets tailor-made for these labs, which are typically kept highly secret because they are a critical ingredient in the recipe for generating valuable AI models that power products like ChatGPT and Claude Code. AI labs are sensitive to this data because it can reveal key details about how they train AI models to their competitors, including other AI labs in the United States and China. It is unclear at this time whether the data exposed in the Mercor breach could significantly help a competitor.
While OpenAI has not stopped its ongoing projects with Mercor, it is investigating the startup’s security incident to see how its proprietary training data may have been exposed, a company spokesperson confirmed to WIRED. The spokesperson claims, however, that the incident does not affect OpenAI user data in any way. Anthropic did not immediately respond to WIRED’s request for comment.
Mercor confirmed the attack in an email to staff on March 31. “There was recently a security incident that affected our systems as well as thousands of other organizations around the world,” the company wrote.
A Mercor employee echoed those points in a message to contractors Thursday, WIRED has learned. Contractors who worked on Meta projects cannot log hours until the project resumes, meaning they could find themselves functionally out of work, a close source claims. The company is working to find additional projects for those affected, according to internal conversations viewed by WIRED.
Mercor contractors were not informed exactly why their Meta projects were on hold. In a Slack channel related to the Chordus initiative — a Meta-specific project aimed at teaching AI models to use multiple Internet sources to verify their responses to user queries — a project manager told staff that Mercor is “currently re-evaluating the scope of the project.”
An attacker known as TeamPCP appears to have recently compromised two versions of the AI API tool LiteLLM. The breach exposed companies and services that integrated LiteLLM and installed the corrupted updates. There could be thousands of victims, including other major AI companies, but the breach at Mercor illustrates the sensitivity of compromised data.
Mercor and its competitors, such as Surge, Handshake, Turing, Labelbox and Scale AI, have developed a reputation for being incredibly secretive about the services they offer to major AI labs. It’s rare to see the CEOs of these companies speaking publicly about the specific work they offer, and they use code names internally to describe their projects.
Adding to the confusion around the hack is a group with the well-known name Autumn claimed this week to have raped Mercor. In a Telegram account and on a BreachForums clone, the actor offered to sell a bundle of purported Mercor data, including a database of more than 200 GB, almost 1 TB of source code and 3 TB of video and other information. But researchers say many cybercriminal groups now periodically adopt the Lapsus$ name and that Mercor’s confirmation of the LiteLLM connection means the attacker is likely TeamPCP or an actor connected to the group.
TeamPCP appears to have compromised both LiteLLM updates as part of an even larger supply chain hack wave over the past few months that has gained momentum, catapulting TeamPCP into the spotlight. And while launching data extortion attacks and working with ransomware groups, such as the group known as Vect, TeamPCP has also strayed into political territory, spreading a data-wiping worm known as “CanisterWorm” through vulnerable cloud instances with Farsi as the default language or clocks set to Iran’s time zone.
“TeamPCP is definitely financially motivated,” says Allan Liska, an analyst at ransomware security firm Recorded Future. “There may also be geopolitical elements, but it’s difficult to determine what’s real and what’s bluster, especially with such a new group.”
Looking at dark web postings of purported Mercor data, Liska adds: “There is absolutely nothing connecting this to the original Lapsus$. »
