AI data company Mercor confirmed it has suffered a significant data breach involving clients such as OpenAI and Anthropic

According to Fortune, the startup Mercor, which provides training data for AI companies like OpenAI, Anthropic, and Meta, has confirmed a significant security breach. The incident originated from a supply chain attack on the open-source library LiteLLM, which is widely used by developers to connect AI services, with millions of downloads per day.

The attack was initiated by the hacker group TeamPCP, which implanted malicious code in LiteLLM to steal credentials. Another hacker group, Lapsus$, subsequently claimed to have obtained up to 4TB of data from Mercor, including source code, database records, internal Slack communications, and platform conversation videos. According to unverified reports, datasets from some of Mercor's clients and confidential information about their AI projects may have been leaked. Mercor stated that it has taken swift action to contain the situation and has initiated a third-party forensic investigation.