 (3).png)
4 days ago
5
ARTICLE AD BOX
Founded in 2023 and regarded as one of Silicon Valley's hottest start-ups, Mercor, valued at $10 billion, works with AI companies, including OpenAI and Anthropic to help train models by contracting specialists such as doctors, scientists, lawyers etc. across various markets, including India.
Representational image showing a cybersecurity breach,(Pixabay)Mercor, a $10 billion AI startup that provides data to major AI firms including OpenAI and Anthropic, has confirmed that it was hit by a security breach that may have exposed sensitive company and user data.
The security incident was linked to a supply chain attack involving an open source project named LiteLLM, and Mercor on Tuesday confirmed to TechCrunch that it was "one of the thousands of companies" that had been affected by the compromise of LiteLLM's security.
While the LiteLLM breach was linked to a hacking group called TeamPCP, another group called Lapsus$, known for extorting victims, claimed to have targeted Mercor.
It was not immediately clear how Lapsus$ got the stolen Mercor data, and whether it participated in TeamPCP's cyberattack, reported TechCrunch.
What we know about the hack
LiteLLM is a tool used by developers to connect their applications to AI services from providers such as OpenAI and Anthropic, and is typically downloaded millions of times per day, as per cybersecurity firm Synk.
TeamPCP reportedly targeted the tool, planting malicious code inside LiteLLM to extract and harvest credentials.
Although the malicious code implanted by TeamPCP was identified and removed within hours, it had spread widely in the industry.
Lapsus$ also claimed responsibility for the breach on its leak site, sharing a sample of data allegedly taken from Mercor. The sample included material that referenced data from Slack, a commonly used workplace communications app, as well as ticketing data, reported TechCrunch. It further included two videos purportedly showing conversations between the Silicon Valley startup's AI systems and contractors on its platform.
TeamPCP, which carried out the cyberattack against LiteLLM, has a reputation for engineering so-called supply chain attacks that target software libraries widely used by developers when writing their own code.
Lapsus$, meanwhile, is an older cybercrime group known for social engineering and phishing attacks that target log-in credentials to access and steal sensitive data. The group is also notorious for extorting its victims.
Has the breach been contained?
Mercor spokesperson Heidi Hagburg told TechCrunch that the AI startup had "moved promptly" to contain the situation, adding that a third-party forensics probe had been launched.
"The privacy and security of our customers and contractors is foundational to everything we do at Mercor," Hagburg said, adding, "We will continue to communicate with our customers and contractors directly as appropriate and devote the resources necessary to resolving the matter as soon as possible."
However, Hagberg did not comment on whether the incident was linked to claims by Lapsus$, or whether the data of customers and contractors had been accessed and misused.
It also remains unclear how many companies were affected by the LiteLLM-related data breach.
About Mercor
Founded in 2023 and regarded as one of Silicon Valley's hottest start-ups, Mercor works with AI companies, including OpenAI and Anthropic to help train models by contracting specialists such as doctors, scientists, lawyers etc. across various markets, including India.
In October 2025, Mercor raised $350 million in a Series C funding round led by Felicis Ventures in October 2025, and was valued at $10 billion.
About the Author
Shiladitya Ray
Shiladitya Ray specializes in covering geopolitics and science, and believes in communicating complex information through accessible, compelling, and if possible, visually engaging narratives. He has nearly 10 years of experience in digital media, and has been an Associate Editor with Mint for five months.<br><br> Shiladitya holds a bachelor's degree in English Literature from Jadavpur University, and two master's degrees in Development Studies and Sociology from TISS, Hyderabad and Delhi School of Economics respectively.<br><br> Shiladitya has also completed a Data Journalism fellowship with Google News Initiative (GNI), where he was a standout performer. He was subsequently invited as a speaker to GNI's AI Skills Workshop held in 2025, where he shared his previous work and experience in leveraging generative AI tools for data visualization with an audience of senior newsroom editors.<br><br> Prior to joining Mint, Shiladitya was a Chief Sub-Editor with Deccan Herald, and has previously worked for digital media startups NewsBytes and Opoyi. He has also served as an academic editor for Cactus Communications, where he worked with scholars on manuscripts meant for journal publication.<br><br> Shiladitya is based out of Delhi, is an avid reader, and has a keen interest in world affairs, science, philosophy, music, and football.
English (US) ·