Mercor, a $10 billion AI startup that provides data to major AI firms, including OpenAI and Anthropic, has confirmed that it was hit by a security breach that may have exposed sensitive company and user data.
The security incident was linked to a supply-chain attack involving the open-source project LiteLLM. Mercor on Tuesday confirmed to TechCrunch that it was “one of the thousands of companies” affected by the compromise of LiteLLM’s security.
While the LiteLLM breach was linked to a hacking group called TeamPCP, another group called Lapsus$, known for extorting victims, claimed to have targeted Mercor.
It was not immediately clear how Lapsus$ obtained the stolen Mercor data or whether it participated in TeamPCP’s cyberattack, TechCrunch reported.
What we know about the hack
LiteLLM is a tool used by developers to connect their applications to AI services from providers such as OpenAI and Anthropic, and is typically downloaded millions of times per day, according to cybersecurity firm Snyk.
TeamPCP reportedly targeted the tool, planting malicious code inside LiteLLM to extract and harvest credentials.
Although the malicious code implanted by TeamPCP was identified and removed within hours, it had spread widely in the industry.
Lapsus$ also claimed responsibility for the breach on its leak site, sharing a sample of data allegedly taken from Mercor. The sample included material referencing data from Slack, a commonly used workplace communications app, as well as ticketing data, reported TechCrunch. It included two videos purportedly showing conversations between the Silicon Valley startup’s AI systems and contractors on its platform.
TeamPCP, which carried out the cyberattack against LiteLLM, has a reputation for engineering so-called supply chain attacks that target software libraries widely used by developers when writing their own code.
Lapsus$, meanwhile, is an older cybercrime group known for social engineering and phishing attacks that target log-in credentials to access and steal sensitive data. The group is also notorious for extorting its victims.
Has the breach been contained?
Mercor spokesperson Heidi Hagberg told TechCrunch that the AI startup had “moved promptly” to contain the situation, adding that a third-party forensics probe had been launched.
“The privacy and security of our customers and contractors is foundational to everything we do at Mercor,” Hagberg said, adding, “We will continue to communicate with our customers and contractors directly as appropriate and devote the resources necessary to resolving the matter as soon as possible.”
However, Hagberg did not comment on whether the incident was linked to claims by Lapsus$ or whether the data of customers and contractors had been accessed and misused.
It also remains unclear how many companies were affected by the LiteLLM-related data breach.
About Mercor
Founded in 2023 and regarded as one of Silicon Valley’s hottest start-ups, Mercor works with AI companies, including OpenAI and Anthropic, to help train models by contracting specialists such as doctors, scientists and lawyers across various markets, including India.
In October 2025, Mercor raised $350 million in a Series C funding round led by Felicis Ventures, and was valued at $10 billion.


