Meta halts AI data operations following a breach that threatens to expose its training secrets.
In summary, Meta has halted its partnership with Mercor, a $10 billion AI data startup, following a supply chain attack that potentially revealed some of the AI industry's best-kept secrets: not only personal information but also the training methods used for leading large language models. The breach, carried out through a compromised version of the LiteLLM open-source library, has led to investigations at OpenAI and Anthropic, along with a class action lawsuit impacting over 40,000 individuals.
When hackers infiltrated a widely utilized open-source library last month, they didn't merely abscond with personal data. Reporting by Wired suggests they may have obtained the designs for constructing some of the world's most robust AI models.
Meta has suspended its collaboration with Mercor, a San Francisco-based AI data firm that creates customized training datasets for major AI companies. This decision came after a cyberattack revealed sensitive data regarding the training methods of Mercor and potentially other clients. The suspension is indefinite, raising concerns within an industry that has invested heavily to keep its proprietary methods confidential.
Mercor might not be a well-known name, but it plays a vital role in the AI economy. Founded in 2023 by Brendan Foody, Adarsh Hiremath, and Surya Midha—three friends from the Bay Area who competed in the Speech and Debate team at Bellarmine College Preparatory—the company hires networks of contractors across various professions to produce high-quality, proprietary training data for AI labs. Its clientele has included major companies such as Meta, OpenAI, Anthropic, and Google.
The startup's growth has been remarkable, even by Silicon Valley standards. In October 2025, Mercor completed a $350 million Series C funding round, achieving a valuation of $10 billion and making all three founders the youngest self-made billionaires at just 22 years old. By September 2025, the company had reached $500 million in annualized revenue, a significant jump from $100 million just six months prior. Its business model, which generates the fine-tuning and reinforcement learning data that AI labs depend on but seldom discuss publicly, positioned it as one of the most valuable private firms in the AI supply chain. However, this same positioning has contributed to its current vulnerability.
The attack on Mercor started upstream. Analysis from Wiz, Snyk, and Datadog Security Labs revealed that a group called TeamPCP compromised the CI/CD pipeline of LiteLLM, an open-source Python library that millions of developers use to connect applications to AI services. The library has 97 million monthly downloads and is present in about 36% of cloud environments. TeamPCP had previously used a supply chain attack on Trivy, a widely used security scanner, to obtain credentials belonging to a LiteLLM maintainer. On March 27, 2026, the group used these credentials to release two malicious versions of the LiteLLM package (1.82.7 and 1.82.8) directly to PyPI, the Python package repository. These infected packages were accessible for about 40 minutes before detection and removal.
The malware payload was complex. Version 1.82.7 included base64-encoded malware embedded directly into the library's proxy server code, executing upon import. Version 1.82.8 utilized a harmful path configuration file that triggered automatically with each Python process startup. Both versions aimed to collect environment variables, API keys, SSH keys, cloud credentials across AWS, Google Cloud, and Azure, Kubernetes configurations, CI/CD secrets, and database credentials, exfiltrating this information to a server at models.litellm[.]cloud.
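For defenders, the two delivery mechanisms described above translate into two local checks. The sketch below is an added example, not code from the article, LiteLLM, or any of the vendors named. It assumes the "path configuration file" is a `.pth` file in `site-packages`, whose lines beginning with `import` Python's `site` module executes at startup. The `SUSPICIOUS` pattern and the sample directory are constructed for illustration.

```python
import re
import tempfile
from pathlib import Path

# Versions the article names as malicious.
COMPROMISED = {"1.82.7", "1.82.8"}
# Constructed heuristic: code that has no business in a .pth file.
SUSPICIOUS = re.compile(r"base64|exec\s*\(|eval\s*\(|subprocess|urllib|socket|os\.system")

def executable_pth_lines(site_dir):
    """Return (file, line no, line, suspicious?) for .pth lines run at startup."""
    findings = []
    for pth in sorted(Path(site_dir).glob("*.pth")):
        lines = pth.read_text(encoding="utf-8", errors="replace").splitlines()
        for no, line in enumerate(lines, 1):
            # site.py executes lines starting with "import" + space or tab;
            # other non-comment lines are only appended to sys.path.
            if line.startswith(("import ", "import\t")):
                findings.append((pth.name, no, line, bool(SUSPICIOUS.search(line))))
    return findings

def compromised_litellm(site_dir):
    """Return installed litellm versions in site_dir that match COMPROMISED."""
    hits = []
    for meta in Path(site_dir).glob("litellm-*.dist-info/METADATA"):
        m = re.search(r"^Version:\s*(\S+)", meta.read_text(errors="replace"), re.M)
        if m and m.group(1) in COMPROMISED:
            hits.append(m.group(1))
    return hits

def build_sample(root):
    """Constructed sample site-packages directory (not real artefacts)."""
    root = Path(root)
    (root / "paths.pth").write_text("# plain path entry\n../shared-libs\n")
    (root / "editable_finder.pth").write_text("import _editable_finder\n")
    (root / "sample_init.pth").write_text(
        "import base64; exec(base64.b64decode('Y29uc3RydWN0ZWQ='))\n")
    meta = root / "litellm-1.82.8.dist-info"
    meta.mkdir()
    (meta / "METADATA").write_text("Metadata-Version: 2.1\nName: litellm\nVersion: 1.82.8\n")
    return root

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as d:
        site_dir = build_sample(d)
        print(executable_pth_lines(site_dir))
        print(compromised_litellm(site_dir))
```

Legitimate tools such as editable installs also ship `import` lines in `.pth` files, so every executable line is listed for review and the flag only prioritises the ones that decode, execute, or reach the network.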
Mercor acknowledged that it was "one of thousands of companies" affected by the breach, subsequently discovering that around four terabytes of data had been compromised. Court filings and statements from involved hacking groups suggested that the stolen data includes 939 gigabytes of platform source code, a 211-gigabyte user database, and approximately three terabytes of video interview recordings and identity verification documents. The exposed data may encompass full names and Social Security numbers of over 40,000 current and former Mercor contractors and clients.
While the exposure of personal data is concerning, what has particularly alarmed Meta and attracted the scrutiny of other AI labs is another type of information. Because Mercor operates within the data pipelines of multiple AI companies concurrently, the breach may have revealed insights into data selection criteria, labeling protocols, and training strategies that organizations have dedicated years and billions of dollars to develop. While replicating a dataset is possible, duplicating a training methodology is more challenging and constitutes a significant competitive advantage. The Wired report highlights the magnitude of this potential exposure, prompting several AI labs to investigate the specifics of what may have been compromised.
OpenAI, which also utilizes Mercor’s services, has stated it is looking into the incident but has not halted its ongoing projects with the firm. Anthropic, which raised $3 billion in early 2026 and has
