Meta has suspended all work with data contracting firm Mercor while it investigates a major security breach that impacted the startup, two sources confirmed to WIRED. Sources say the break is indefinite. Other major artificial intelligence labs are also re-evaluating their work with Mercor as they assess the scope of the incident, according to people familiar with the matter.
Mercor is one of the few companies where OpenAI, Anthropic and other AI labs generate training data for their models. The company employs enormous networks of contractors to generate customized, proprietary datasets for these labs, which are typically kept top secret because they are a fundamental ingredient in the recipe for generating valuable artificial intelligence models that power products like ChatGPT and Claude Code. AI labs are sensitive to this data because it could reveal to competitors – including other AI labs in the US and China – key details about how they train AI models. It is currently unclear whether the data disclosed in the Mercor breach would significantly facilitate the competitor.
While OpenAI has not stopped its ongoing projects with Mercor, it is investigating the startup’s security incident to see how its proprietary training data may have been exposed, a company spokesperson confirmed to WIRED. However, the spokesperson says the incident has no impact on OpenAI user data. Anthropic did not immediately respond to WIRED’s request for comment.
Mercor confirmed the attack in an email to employees on March 31. “The recent security incident impacted our systems and those of thousands of other organizations around the world,” the company wrote.
As WIRED learned, a Mercor employee repeated these comments in a message to contractors on Thursday. Contractors employed on Meta projects cannot log hours until – and if – the project resumes, meaning they could be functionally unemployed, a source familiar with the matter claims. The company is working to find additional projects for those affected by the outage, according to internal conversations viewed by WIRED.
Mercor contractors were not told exactly why their Meta projects were stopped. In a Slack channel related to the Chordus initiative – a Meta-based project aimed at training AI models to apply multiple online sources to verify answers to user queries – the project manager told employees that Mercor was “currently re-evaluating the scope of the project.”
An attacker known as TeamPCP appears to have recently compromised two versions of LiteLLM’s AI API tool. The breach exposed companies and services using LiteLLM and installed tainted updates. There may be thousands of victims, including other huge AI companies, but the Mercor breach illustrates the sensitivity of compromised data.
Mercor and its competitors — such as Surge, Handshake, Turing, Labelbox and Scale AI — have developed a reputation for being extremely secretive about the services they offer to major AI labs. It’s infrequent for CEOs of these companies to speak publicly about the specific work they offer, and internally they apply codenames to describe their projects.
Adding to the confusion surrounding the hack, a group operating under the well-known name Lapsus$ said this week that it had compromised Mercor. On the Telegram account and the BreachForums clone, the actor offered to sell a number of alleged Mercor data, including a database of over 200 GB, almost 1 TB of source code, and 3 TB of video files and other information. However, researchers say that many cybercrime groups are now periodically adopting the name Lapsus$ and that Mercor’s confirmation of the LiteLLM connection means that the attacker is likely TeamPCP or an actor associated with the group.
TeamPCP appears to have compromised two LiteLLM updates as part of an even larger supply chain hacking frenzy in recent months that has been gathering pace, bringing TeamPCP to prominence. And by launching phishing attacks and working with ransomware groups like the group known as Vect, TeamPCP also entered political territory by spreading a data erasure worm known as “CanisterWorm” through vulnerable cloud instances with Farsi as the default language or clocks set to the Iranian time zone.
“TeamPCP is definitely financially motivated,” says Allan Liska, an analyst at security firm Recorded Future, which specializes in ransomware. “There may be some geopolitical issues as well, but it’s hard to tell what’s true and what’s nonsense, especially with such a new group.”
Looking at posts on the dim web regarding Mercor’s alleged data, Liska adds: “There is absolutely nothing connecting this to the original Lapsus$.”