TechFlow News: On April 3, according to Fortune, Mercor—a startup that supplies training data to AI companies including OpenAI, Anthropic, and Meta—confirmed a major security breach. The incident stemmed from a supply-chain attack targeting the open-source library LiteLLM, widely used by developers to connect to AI services and downloaded millions of times daily.
The attack was carried out by the hacker group TeamPCP, which injected malicious code into LiteLLM to steal credentials. Another hacker group, Lapsus$, subsequently claimed to have obtained up to 4TB of Mercor’s data, including source code, database records, internal Slack communications, and platform dialogue videos. According to unverified reports, datasets belonging to some of Mercor’s clients—as well as confidential information about their AI projects—may have been compromised. Mercor stated it has taken swift action to contain the incident and has initiated a third-party forensic investigation.
