Meta has halted its partnership with AI‑training startup Mercor following a data breach that exposed proprietary training data and internal communications.
The breach was caused by malicious versions of the LiteLLM open‑source package, released on March 24 2026. Mercor detected anomalous activity on April 28 2026 and the extortion group Lapsus$ claimed responsibility on April 29 2026, confirming the supply‑chain attack was orchestrated by the TeamPCP group.
Stolen data included Slack messages, internal ticket records, proprietary training datasets, data‑selection criteria, labeling protocols, training strategies, source code, and contractor information, with estimates of up to 4 TB of data exfiltrated.
Mercor, founded in 2023 and valued at $10 billion after a Series C round in October 2025, is now facing a loss of trust from key clients such as Meta, OpenAI, and Anthropic, and may experience a significant revenue shock as other AI labs reassess their engagements.
Meta’s pause reflects its emphasis on data security and compliance, underscoring the broader industry risk of supply‑chain attacks on AI development pipelines. "Our security team moved promptly to contain and remediate the incident. We are conducting a thorough investigation supported by leading third‑party forensic experts," Mercor’s management said.
The content on EveryTicker is for informational purposes only and should not be construed as financial or investment advice. We are not financial advisors. Consult with a qualified professional before making any investment decisions. Any actions you take based on information from this site are solely at your own risk.