The companies training models for OpenAI and Anthropic have been hacked: Mercor confirms breach, Lapsus$ claims to have stolen 4TB of data

According to monitoring by 1M AI News, AI hiring platform Mercor confirmed it was the victim of a cyberattack, caused by a compromise of the supply chain for the open-source Python library LiteLLM. Mercor said it is “one of thousands of affected companies,” and has hired third-party forensic experts to investigate.

LiteLLM is a Python library with 97 million monthly downloads. Developers use it as a unified interface to connect to more than 100 AI services, including OpenAI and Anthropic. A hacking group called TeamPCP uploaded versions 1.82.7 and 1.82.8 to PyPI that had been injected with malicious code. The code would steal SSH keys, API tokens, .env files, and cloud provider credentials, and establish a persistent backdoor. After security company Snyk detected the malicious versions, they were removed within a few hours, but the exposure window was enough for attackers to compromise downstream systems.

The ransomware hacking group Lapsus$ later claimed responsibility for the attack on Mercor on its leak site, saying it stole about 4TB of data in total, including:

1. 939GB of source code
2. 211GB of database data
3. 3TB of storage buckets (allegedly including video interview recordings, identity verification files, etc.)
4. All data from TailScale VPN

In the post, Lapsus$ also published some data samples, including Slack communication records, information from the ticketing system, and videos showing interactions between Mercor’s AI system and platform contractors. After analyzing the leaked samples, security researchers on social media pointed out that the data contains what appear to be internal project file structures related to Amazon, Apple, and Meta, but Mercor has not yet confirmed which specific customers’ data were affected.

Mercor was founded in 2023, with a valuation of $10 billion (Series C in October 2025). It manages more than 30,000 expert contractors and pays contractors more than $2 million per day on average, providing expert human feedback services needed for model training and evaluation to AI labs such as OpenAI, Anthropic, and Google DeepMind. A Mercor spokesperson confirmed that an investigation has been launched, but declined to answer whether the incident is related to Lapsus$’s claims, and did not say whether any customer or contractor data was accessed, leaked, or misused. If Lapsus$’s statements are true, this would be a major security incident directly affecting core data in the training workflows of multiple leading AI labs. The relationship between TeamPCP and Lapsus$ is not yet clear. Cybernews analysis suggests that Lapsus$’s attack on Mercor may indicate that TeamPCP and ransomware groups are beginning to collaborate in a substantive way, similar to the chain effect seen earlier when ShinyHunters leveraged a Salesforce vulnerability and Cl0p leveraged a MOVEit vulnerability.