Meta Pauses Work With Mercor After Data Breach Puts AI Industry Secrets at Risk

Meta has indefinitely suspended its partnership with data contractor Mercor while investigating a significant security breach that threatens to expose proprietary AI training data. The incident, which also has other major AI labs like OpenAI and Anthropic reevaluating their contracts, stems from a supply-chain attack where hackers compromised two versions of the AI API tool LiteLLM. Mercor is a key player in the secretive ecosystem that generates bespoke, proprietary datasets used to train foundational models such as GPT-4 and Claude. The exposed data could potentially reveal core competitive intelligence about how these leading labs build their AI systems.

The breach was claimed by a group using the infamous Lapsus$ name, offering to sell over 200 GB of databases and terabytes of source code. However, security researchers attribute the attack to the financially motivated group TeamPCP, which has been on a recent hacking spree. The incident has left contractors on Meta's 'Chordus' initiative—a project to teach AI models to verify responses—effectively out of work. It underscores the immense risks posed by the industry's reliance on a handful of secretive data firms, whose security practices are now under intense scrutiny as the race for AI supremacy intensifies.