Meta suspends collaboration with Mercor after data breach puts AI industry secrets at risk


Meta has suspended all work with data contracting firm Mercor while it investigates a major security breach that affected the startup, two sources confirmed to WIRED. According to officials, the suspension period is indefinite. Other major AI institutes are also reevaluating their work with Mercor as they assess the scope of the incident, according to people familiar with the matter.

Mercor is one of the few companies that OpenAI, Anthropic, and other AI labs rely on to generate training data for their models. The company hires a large network of contractors to generate custom, proprietary datasets for these labs. These datasets are typically kept top secret because they are a core ingredient in the recipe for producing valuable AI models that power products like ChatGPT and Claude Code. AI labs are sensitive about this data because it could reveal important details about how their AI models are trained to their competitors, including other AI labs in the United States and China. At this point, it is unclear whether the data exposed in Mercor’s breach will be of any meaningful help to competitors.

OpenAI has not suspended its current project with Mercor, but is investigating the startup’s security incident to determine how its proprietary training data was compromised, a company spokesperson confirmed to WIRED. However, a spokesperson said that this incident does not affect OpenAI user data in any way. Anthropic did not immediately respond to WIRED’s request for comment.

Mercor acknowledged the attack in an email to staff on March 31. “A security incident recently occurred that impacted our systems along with thousands of other organizations around the world,” the company wrote.

Mercor employees reiterated these points in a message to contractors Thursday, WIRED found. Contractors who were staffing the Meta project will not be able to log time until the project restarts and could be functionally out of work, sources claim. The company is working to find additional projects for those affected, according to internal conversations seen by WIRED.

Mercor’s contractors were not told exactly why the Meta project was being paused. In a Slack channel related to the Chordus initiative (a Meta-specific project that teaches AI models to use multiple internet sources to validate responses to user queries), project leaders told staff that Mercor is “currently reevaluating the scope of the project.”

An attacker known as TeamPCP appears to have recently compromised two versions of the AI API tool LiteLLM. This breach exposed companies and services that incorporated LiteLLM and installed contaminated updates. While there may be thousands of victims, including other large AI companies, the breach at Mercor illustrates the sensitivity of the compromised data.

Mercor and its competitors, including Surge, Handshake, Turing, Labelbox, and Scale AI, have developed a reputation for being incredibly secretive about the services they provide to major AI labs. You rarely see the CEOs of these companies speak publicly about the specific work their companies deliver, and internally they use code names to describe their projects.

Adding to the confusion surrounding the hack, this week a group using the well-known name Lapsus$ claimed to have compromised Mercor. Using a Telegram account and a BreachForums clone, the attacker offered to sell reams of Mercor data, including more than 200 GB of databases, approximately 1 TB of source code, and 3 TB of videos and other information. However, researchers say that many cybercrime groups now regularly use the Lapsus$ name, and Mercor’s confirmation of the LiteLLM connection means the attacker is likely to be associated with TeamPCP.

TeamPCP shot to fame after apparently compromising two LiteLLM updates as part of a larger supply chain hacking incident that has gained momentum in recent months. And while TeamPCP has launched data extortion attacks and collaborated with ransomware groups such as the group known as Vect, it has also expanded into the political realm, spreading a data erasure worm known as “CanisterWorm” through vulnerable cloud instances that use Farsi as a default language and clocks set to Iran’s time zone.

“TeamPCP’s motivations are clearly financial,” says Allan Liska, a ransomware analyst at security firm Recorded Future. “Maybe it’s geopolitical, but it’s hard to tell what’s true and what’s nonsense, especially with a group this new.”

Looking at dark web postings purporting to be Mercor data, Liska added, “There is absolutely nothing connecting this to the original Lapsus$.”


