CybersecuritySecurity NewswireCybersecurity News

AI Startup Mercor, Which Works With Open AI and Anthropic, Confirms Data Breach

By Jordyn Alger, Managing Editor
AI
Immo Wegmann via Unsplash
April 3, 2026

Mercor is an AI startup that provides training data for notable AI companies, and it has just announced a data breach. Allegedly stolen data has been published on a leak site, containing Slack information, internal ticketing data, and videos of conversations between Mercor’s AI systems and contractors. Four terabytes of data have reportedly been stolen, including database records and source code

  • What happened? This breach is connected to a supply chain attack involving LiteLLM, an open-source library linking applications to AI services. Mercor told Fortune it was “one of thousands of companies” impacted by the LiteLLM supply-chain incident, linked to TeamPCP, a hacking group. The group inserted malicious code into LiteLLM, harvesting credentials and spreading until it was discovered and removed. 
  • Who breached Mercor? Extortion hacking group Lapsus$ has claimed responsibility for the breach. While it is not immediately clear how the group accessed the data, some speculate that TeamPCP and Lapsus$ have begun working together. 
  • What happens next? Mercor states it moved to contain and remediate the incident upon discovery. Third-party forensics investigations have begun. 

“The Mercor breach exposes a blind spot that’s been hiding in plain sight,” says Eric Schwake, Director of Cybersecurity Strategy at Salt Security. “As enterprises race to connect their data to AI models through proxies and gateways like LiteLLM, they are creating highly sensitive chokepoints that legacy security tools simply weren’t built to see. When one of these middleware layers is compromised, an attacker doesn’t need to trick the AI, they get direct access to raw API keys, unencrypted prompts, and proprietary data flowing underneath. To a legacy WAF, that exfiltration looks identical to a legitimate AI workload. This incident isn’t an outlier. It’s a preview of the new attacker playbook.”  

Mercor is considered by many to be one of the most prominent startups in Silicon Valley, valued at $10 billion at three years old. Customers include Meta, Anthropic, and Open AI

KEYWORDS: artificial intelligence (AI) data breach supply chain cyber security supply chain risk

Looking for a reprint of this article?
From high-res PDFs to custom plaques, order your copy today!

Jordynalger

Jordyn Alger is the managing editor for Security magazine. Alger writes for topics such as physical security and cyber security and publishes online news stories about leaders in the security industry. She is also responsible for multimedia content and social media posts. Alger graduated in 2021 with a BA in English – Specialization in Writing from the University of Michigan. Image courtesy of Alger

Related Articles

Related Products

See More ProductsSee More Products

Events

View AllSubmit An EventView AllSubmit An Event

Sign-up to receive top management & result-driven techniques in the industry.

Join over 20,000+ industry leaders who receive our premium content.

SIGN UP TODAY!