Two sources confirmed to WIRED that Meta has halted all ongoing work with data contracting firm Mercor, while the tech giant investigates a major security breach that impacted the startup. The sources added that the collaboration pause is indefinite. According to multiple people familiar with the situation, other leading AI labs are also reevaluating their existing partnerships with Mercor as they map out the full scope of the security incident.
Mercor is one of a handful of vendors that top AI labs including OpenAI and Anthropic rely on to produce custom training data for their large models. The company builds massive networks of human contractors to generate bespoke, private datasets for these labs, which are almost always held as tightly guarded secrets. These datasets are a core component of building high-value AI models that power popular tools like ChatGPT and Claude Code, so AI labs treat the information as extremely sensitive: leaked datasets can reveal key details of their model training approaches to competitors, including other leading AI teams based in the U.S. and China. At this stage, it remains unclear whether any data exposed in Mercor’s breach would deliver a meaningful advantage to competing firms.
An OpenAI spokesperson confirmed to WIRED that while the company has not paused its active projects with Mercor, it is investigating the startup’s security incident to assess whether any of its proprietary training data was compromised. The spokesperson also emphasized that the incident does not impact any user data stored by OpenAI. Anthropic did not immediately respond to WIRED’s request for comment on the breach.
Mercor first confirmed the attack to its employees in an email sent on March 31. “There was a recent security incident that affected our systems along with thousands of other organizations worldwide,” the company wrote in the internal note.
WIRED has obtained a Thursday message sent to contractors from a Mercor employee that echoed this confirmation. A source familiar with the situation claims contractors assigned to Meta projects are currently blocked from logging work hours until (and if) the projects resume, leaving many effectively out of work for the time being. Per internal company conversations reviewed by WIRED, Mercor is working to find new open projects for these affected contractors.
Mercor contractors have not been given a specific explanation for the pause of Meta-linked work. In a Slack channel for the Chordus initiative — a Meta-specific project that trains AI models to cross-verify their responses to user queries across multiple internet sources — a project lead told staff that Mercor was “currently reassessing the project scope.”
A threat actor known as TeamPCP appears to have recently compromised two versions of the popular AI API tool LiteLLM. The breach exposed any company or service that integrated LiteLLM and installed the tampered, malicious updates. Researchers estimate thousands of organizations could be affected, including other major AI companies, but the breach at Mercor highlights just how sensitive the compromised data can be.
Mercor and its key competitors — including Surge, Handshake, Turing, Labelbox, and Scale AI — have a longstanding reputation for extreme secrecy around the services they provide to major AI labs. It is extremely rare for the CEOs of these firms to speak publicly about their specific client work, and all projects are referred to by internal codenames to avoid leaks.
Adding confusion around the hack’s attribution, a group operating under the well-known cybercriminal name Lapsus$ claimed this week that it was behind the Mercor breach. On a Telegram account and a cloned version of hacking forum BreachForums, the actor offered to sell a large trove of alleged Mercor data, including a 200+ gigabyte database, nearly 1 terabyte of source code, and 3 terabytes of video and other internal information. But cybersecurity researchers note that many unrelated cybercriminal groups now periodically adopt the Lapsus$ name for their operations, and Mercor’s confirmation of the LiteLLM connection points to the attacker being TeamPCP or an affiliate of the group.
TeamPCP’s compromise of the two LiteLLM updates is part of a much larger supply chain hacking spree the group has carried out over recent months, which has grown in scale and catapulted the relatively new group to prominence. Alongside running data extortion attacks and partnering with ransomware groups such as Vect, TeamPCP has also dabbled in geopolitical activity: the group has spread a data-wiping worm called “CanisterWorm” through vulnerable cloud instances that have Farsi set as their default language or system clocks matched to Iran’s time zone.
“TeamPCP is definitely financially motivated,” said Allan Liska, a ransomware specialist and analyst at cybersecurity firm Recorded Future. “There might be some geopolitical stuff as well, but it’s hard to determine what’s real and what’s just bluster, especially with a group this new.”
Looking at dark web posts advertising the alleged stolen Mercor data, Liska added: “There is absolutely nothing that connects this to the original Lapsus$.”
