Meta Halts AI Data Partner Mercor After Major Security Breach Exposes Training Data Across Top AI Labs

Meta has indefinitely halted work with AI data firm Mercor following a massive security breach linked to threat actor TeamPCP, who compromised AI tool LiteLLM in a supply chain attack potentially exposing sensitive training data across top AI labs including OpenAI, while a group falsely claiming to be Lapsus$ attempts to sell over 200GB of stolen data on the dark web.

• Meta indefinitely pauses all work with AI data contracting firm Mercor following a major security breach, while other major AI labs including OpenAI are also investigating the incident's impact on their proprietary training data.
• A threat actor known as TeamPCP is believed to be behind the breach, having compromised two versions of the AI API tool LiteLLM in a large-scale supply chain attack, potentially exposing thousands of organizations and sensitive AI training datasets.
• A group claiming to be Lapsus$ is attempting to sell alleged stolen Mercor data on dark web forums, including over 200GB of databases and nearly 1TB of source code, though security researchers say the claim is likely false and unconnected to the original Lapsus$ group.