Mercor, an AI data training startup valued at $10 billion after a $350 million Series C six months ago, disclosed on March 31 that it was the target of a data breach. The incident has resulted in lawsuits and customer disruptions, bringing attention to the software supply chain behind AI infrastructure. According to TechCrunch reporting, a hacker group claimed to have obtained 4TB of stolen data from Mercor’s systems, including candidate profiles, personally identifiable information, employer data, source code, and API keys. The company stated it is investigating and will “continue to communicate with our customers and contractors directly as appropriate and devote the resources necessary to resolving the matter as soon as possible.” Mercor has not commented on whether the stolen data is authentic.
The breach traced to LiteLLM
Mercor attributed the breach to a hack of LiteLLM, an open source tool that is downloaded millions of times a day. The compromise window was specific: for 40 minutes, the tool contained credential harvesting malware, rogue software designed to steal login credentials.
The reported attack chain demonstrates a recursive pattern. The harvested credentials were used to gain access to additional software and accounts, which enabled the malware to harvest more credentials in succession. This credential expansion model is characteristic of supply-chain attacks, particularly when tied to an open source component that many developers rely on as part of AI application stacks.
Scope of the breach: 4TB of sensitive data
TechCrunch reports that a hacker group claimed to have obtained 4TB of stolen data from Mercor’s systems. The reportedly affected categories include both operational and proprietary assets: candidate profiles, personally identifiable information (PII), employer data, source code, and API keys. The presence of API keys is particularly significant for AI data training workflows, as these credentials can authenticate to internal systems, third-party services, or model-related endpoints—potentially converting a data breach into an access breach.
Mercor has not provided a formal acknowledgment of the total volume of data exfiltrated. However, the presence of credential theft suggests that the time window and scope of compromised secrets could extend beyond the visible data dump.
Customer responses and operational impact
For AI data training companies, the breach extends beyond leaked data to affect the operational trust required to maintain model-making workflows. Mercor handles custom data sets and processes that customers use to train their models—assets that represent significant competitive value. Meta, despite spending $14.3 billion on Mercor’s competitor Scale AI, continued working with Mercor prior to the breach.
Following the breach disclosure, Meta paused its contracts with Mercor indefinitely, according to sources cited by TechCrunch via Wired. Mercor declined to comment on this development. The pattern suggests that major AI customers may treat data training vendors as part of their security boundary: if a vendor’s systems are compromised and credentials are implicated, contracts may be suspended while customers verify exposure and rotate secrets.
OpenAI’s response differed. OpenAI confirmed to Wired that it was investigating its exposure in Mercor’s breach but stated it had not paused or ended its contracts at the time of reporting. TechCrunch notes that multiple sources indicated additional customer responses may be unfolding.
Supply-chain implications for AI infrastructure
The Mercor incident illustrates how AI systems often depend on open source components positioned within application logic—components that may be treated as infrastructure rather than security-critical systems. In this case, Mercor attributes the breach to a compromised open source tool, LiteLLM, with a compromise window of 40 minutes. Even brief compromise windows can have significant impact if they coincide with normal developer usage at scale. LiteLLM’s reported download volume of millions of times per day suggests that if credentials were harvested broadly, the number of downstream targets could be substantial.
From an industry perspective, this incident could increase focus on technical controls that reduce supply-chain impact, such as dependency provenance, secret management, and rapid credential rotation. The reported presence of API keys and the described credential expansion loop indicate that incident response would include both data forensics and authentication remediation.
The breach has moved beyond incident response into legal and commercial territory, with reports of lawsuits and customer contract suspensions.
Source: TechCrunch