Meta freezes AI data work after breach puts training secrets at risk

Meta Freezes AI Data Work After Breach Exposes Training Secrets

In short:

Meta has suspended its collaboration with Mercor, a $10 billion AI data startup, after a supply chain attack exposed what may be the AI industry’s most closely guarded secrets: not just personal data, but the training methodologies that power the world’s leading large language models. The breach, carried out via a poisoned version of the LiteLLM open-source library, has triggered investigations at OpenAI and Anthropic, and resulted in a class action lawsuit affecting more than 40,000 people.

When hackers poisoned a widely used open-source library last month, they did not just steal personal data. According to reporting by Wired, they may have walked out with the blueprints for how some of the world’s most powerful AI models are built.

Meta has paused its work with Mercor, a San Francisco-based AI data company that generates bespoke training datasets for the biggest names in artificial intelligence, after a cyberattack exposed sensitive information about how the company, and potentially several of its other clients, actually trains its models. The pause is indefinite, and the incident has sent a ripple of anxiety through an industry that has spent billions developing the proprietary methods it was counting on keeping secret.

The Startup Behind the Curtain

Mercor is not a household name, but it sits at a critical juncture of the AI economy. Founded in 2023 by Brendan Foody, Adarsh Hiremath, and Surya Midha, three Bay Area high school friends who competed together on the Bellarmine College Preparatory Speech and Debate team, the company recruits networks of human contractors (engineers, lawyers, doctors, bankers, and journalists) to produce high-quality, proprietary training data for AI labs. Its clients have included Meta, OpenAI, Anthropic, and Google.

The startup’s rise has been extraordinary even by Silicon Valley standards. In October 2025, Mercor closed a $350 million Series C round that valued it at $10 billion, minting all three founders as the world’s youngest self-made billionaires at the age of 22. By September 2025, the company had reached $500 million in annualised revenue, up from $100 million just six months earlier. Its business model, generating the fine-tuning and reinforcement learning data that AI labs rely on but rarely discuss publicly, made it one of the most valuable private companies in the AI supply chain.

That same positioning is now the source of its vulnerability.

A Poisoned Package, a Cascade of Exposure

The attack that reached Mercor originated several steps upstream. According to analysis by Wiz, Snyk, and Datadog Security Labs, a threat actor group known as TeamPCP compromised the CI/CD pipeline of LiteLLM, an open-source Python library used by millions of developers to connect applications to AI services, with 97 million monthly downloads and a presence in an estimated 36% of cloud environments.

TeamPCP had earlier used a supply chain attack on Trivy, a widely used security scanner, to obtain credentials for Mercor’s GitHub repositories. They then injected malicious code into the LiteLLM library, which was later downloaded by Mercor and its clients, exposing sensitive data and potentially compromising training methods.