Meta and OpenAI are investigating a major security breach at Mercor, a startup providing data labeling and training services for artificial intelligence models. Meta has reportedly paused its work with the vendor following the incident.
The breach originated from a supply chain attack involving malicious code inserted into LiteLLM, a widely used open-source library. Hacker groups claim to have stolen Mercor’s source code, databases, and internal communications.
The incident raises concerns about the exposure of proprietary client data and confidential AI project information. Mercor confirmed the breach and has launched a forensic investigation.