Meta Pauses Work With Mercor After Data Breach Puts AI Industry Secrets at Risk

Meta has halted all of its work with data contracting firm Mercor while it investigates a major security breach affecting the startup, two sources confirmed to WIRED. Sources said that this ban is indefinite. Other major AI labs are also reevaluating their work with Mercor as they assess the scope of the incident, according to people familiar with the matter.

Mercor is one of the few companies that OpenAI, Anthropic, and other AI labs trust to prepare training data for their models. The company hires vast networks of human contractors to prepare special, proprietary datasets for these labs, which are typically kept top secret because they are a core ingredient in the recipe for generating valuable AI models that power products like ChatGPT and Claude Code. AI labs are sensitive about this data because it could tell competitors – including other AI labs in the US and China – important details about how AI models are trained. It is unclear at this time whether the data exposed in the Mercor breach will meaningfully help a competitor.

Although OpenAI has not shut down its current projects with Mercor, it is investigating the startup’s security incident to determine how its proprietary training data may have been exposed, a spokesperson for the company confirmed to WIRED. However, the spokesperson says the incident does not impact OpenAI user data in any way. Anthropic did not immediately respond to WIRED’s request for comment.

Mercor confirmed the attack in an email to employees on March 31. “There was recently a security incident that impacted our systems, along with those of thousands of other organizations around the world,” the company wrote.

A Mercor employee reiterated these points in a message sent to contractors on Thursday, WIRED has learned. Contractors who were staffed on Meta projects cannot log in until the project restarts, meaning they could be functionally out of work, a source familiar with the matter claims. According to internal conversations seen by WIRED, the company is working on finding additional projects for those affected.

Mercor contractors were not told exactly why their Meta projects were being stopped. In a Slack channel related to the Chords initiative – a Meta-specific project to teach AI models to use multiple Internet sources to verify answers to user questions – a project lead told staff that Mercor was “currently re-evaluating the scope of the project.”

It appears that an attacker named TeamPCP has recently compromised two versions of the AI API tool LiteLLM. The compromise exposed companies and services that incorporate LiteLLM and installed the tainted updates. There may be thousands of victims, including other major AI companies, but the breach at Mercor shows the sensitivity of the compromised data.

Mercor and its competitors – such as Surge, Handshake, Turing, Labelbox and Scale AI – have developed a reputation for being incredibly secretive about the services they offer to major AI labs. It’s rare to see the CEOs of these companies speak publicly about the specific work they offer, and they use codenames internally to describe their projects.

Adding to the confusion about the hack, a group going by the pseudonym Lapsus$ claimed this week that it had breached Mercor. On a Telegram account and a BreachForums clone, the actor offered to sell a range of alleged Mercor data, including over 200 GB of databases, approximately 1 TB of source code and 3 TB of video and other information. But researchers say several cybercriminal groups now take the Lapsus$ name from time to time, and Mercor’s confirmation of the LiteLLM connection means the attacker is likely TeamPCP or an actor linked to the group.

TeamPCP appears to have compromised two LiteLLM updates as part of a larger supply chain hacking spree that has been gathering momentum in recent months, bringing TeamPCP to prominence. And while launching data extortion attacks and working with ransomware groups, such as the group known as Vect, TeamPCP has also strayed into political territory, spreading a data wiping worm called “Canisterworm” through vulnerable cloud instances with Persian set to Iran’s time zone.

“TeamPCP is definitely financially motivated,” says Allan Liska, an analyst at Recorded Future, a security firm that specializes in ransomware. “There may also be some geopolitical things going on, but it’s hard to determine what’s real and what’s pretend, especially with this new group.”

Looking at dark-web posts of the alleged Mercor data, Liska says, “There’s nothing that connects it to the original Lapsus$.”


