Mercor, a $10 billion AI startup that works with companies including OpenAI and Anthropic, confirms major data breach

Mercor, a startup that provides training data to major AI companies, confirmed that it was the victim of a security breach that may have exposed sensitive company and user data.

The three-year-old startup, which is valued at $10 billion, recruits experts in fields ranging from medicine to law to literature, to help provide data that improves the capabilities of AI models. Its customers include Anthropic, OpenAI, and Meta.

According to unconfirmed reports circulating online, datasets used by some of Mercor’s customers and information about those customers’ secretive AI projects may have been compromised in the breach.

The incident was linked to a supply-chain attack involving LiteLLM, a widely used open-source library for connecting applications to AI services.

The company confirmed to Fortune it was “one of thousands of companies” affected by the supply-chain attack on LiteLLM, which has been linked to a hacking group called TeamPCP. Mercor spokesperson Heidi Hagberg said that the company had “moved promptly” to contain and remediate the incident and said a third-party forensics investigation was underway.

“The privacy and security of our customers and contractors is foundational to everything we do at Mercor,” Hagberg said. “We will continue to communicate with our customers and contractors directly as appropriate and devote the resources necessary to resolving the matter as soon as possible.”

Mercor is widely considered one of Silicon Valley’s hottest startups, having raised $350 million in a Series C round led by venture capital firm Felicis Ventures last October. 

The TeamPCP hacking group planted malicious code inside LiteLLM, a tool used by developers to plug their applications into AI services from companies including OpenAI and Anthropic, that is typically downloaded millions of times per day, according to security firm Snyk. The code was designed to harvest credentials and spread widely across the industry before it was identified and removed within hours of discovery.

Lapsus$, a notorious extortion hacking gang, later claimed it had targeted Mercor and accessed its data. It’s not immediately clear how the gang obtained the data, and Mercor did not respond to specific questions from Fortune about the hacking group’s claims. TeamPCP is thought to have recently begun collaborating with Lapsus$ as well as other groups that specialize in ransomware and extortion, according to security researchers from the cybersecurity firm Wiz quoted in a story in Infosecurity Magazine.

TeamPCP is known for engineering so-called supply-chain attacks, in which malware is planted inside codebases or software libraries that are widely used by programmers when writing their own code. Lapsus$, by contrast, is an older hacking group, known for social engineering and phishing attacks that focus on stealing user log-in credentials and then using those credentials to gain access to and steal sensitive data.

Lapsus$ has published samples of allegedly stolen data on its leak site, according to TechCrunch, including what appeared to be Slack data, internal ticketing information, and two videos purportedly showing conversations between Mercor’s AI systems and contractors on its platform. Lapsus$ claims to have obtained as much as four terabytes of data in total, including source code and database records. A single terabyte constitutes approximately as much data as is found in 1,000 hours of video or 1,000 copies of the Encyclopedia Britannica.

Mercor may be an early indicator of a coming wave of extortion attempts stemming from the supply-chain attack. TeamPCP has publicly stated its intention to partner with ransomware and extortion groups to target affected companies at scale, according to cybersecurity trade publication Cybernews. If true, that strategy would mirror campaigns carried out in the past by hacking groups.

In 2023, an attack from the Cl0p ransomware gang that exploited a vulnerability in MOVEit, a widely used file transfer tool, breached hundreds of organizations simultaneously, ultimately affecting nearly 100 million individuals across government agencies, financial institutions, and health care providers. Extortion attempts from that campaign dragged on for months.

This story was originally featured on Fortune.com