Meta Pauses Work With AI Data Vendor Mercor After Major Security Breach Exposes Training Secrets

Meta has paused all work with AI data contracting firm Mercor following a major security breach that could have exposed closely guarded secrets about how major AI labs train their models.

Mercor is one of a handful of firms that OpenAI, Anthropic, and other leading AI labs rely on to generate proprietary training datasets through networks of human contractors. The data is considered among the most sensitive in the AI industry, as it reveals key details about model training methodologies.

The breach appears connected to TeamPCP, an attacker who compromised two versions of the AI API tool LiteLLM in a broader supply chain hacking spree. A group claiming to be Lapsus$ also offered to sell alleged Mercor data on dark web forums, including a 200GB database and nearly 1TB of source code.

Meta's pause is indefinite, and contractors staffed on Meta projects cannot log hours until the projects resume. OpenAI has not stopped its Mercor work but is investigating the scope of data exposure. An OpenAI spokesperson confirmed the incident does not affect user data.

The breach highlights the growing security vulnerabilities in the AI supply chain, where a handful of specialized data vendors sit at the intersection of multiple competing AI labs' most valuable intellectual property.