Meta Pauses Work With Mercor Following Major AI Data Breach

Meta has indefinitely paused all collaboration with the data contracting firm Mercor following a major security breach. The company is currently investigating the incident to determine if sensitive AI training secrets were exposed, a move that highlights the critical importance of proprietary datasets in the development of large-scale AI models.

Mercor serves as a key vendor for several of the world’s leading AI labs, including Meta, OpenAI and Anthropic. The startup manages massive networks of human contractors to generate bespoke, proprietary datasets. These datasets are essential ingredients for training the models that power products such as ChatGPT and Claude Code.

AI labs treat this training data as highly confidential because it can reveal the specific methodologies used to refine their models. Such disclosures could provide competitors, including other labs in the United States and China, with key insights into the proprietary recipes used to create competitive AI advantages.

Details of the Security Breach

Mercor confirmed the security incident in an email to its staff on March 31, 2026. In the message, the company stated, There was a recent security incident that affected our systems along with thousands of other organizations worldwide.

The breach has been linked to compromised updates to LiteLLM, an AI API tool. While a group using the name Lapsus$ claimed responsibility for the attack and reportedly listed the data for live auction, some researchers suggest that an attacker group known as TeamPCP is the likely culprit.

Industry Response and Investigations

While Meta has taken the step of halting all work, other AI labs are taking different approaches. OpenAI has not stopped its current projects with Mercor, though a company spokesperson confirmed that OpenAI is investigating the incident to see how its proprietary training data may have been exposed.

The OpenAI spokesperson clarified that the security incident in no way affects OpenAI user data.

Other major AI labs are reportedly reevaluating their work with Mercor as they assess the full scope of the breach. Anthropic did not immediately respond to requests for comment regarding its partnership with the vendor.

Impact on Human Contractors

The indefinite pause in collaboration has created immediate instability for the contractors Mercor employs to build its datasets. On April 2, 2026, a Mercor employee informed contractors that those staffed on Meta projects are unable to log hours until the projects resume.

Because Meta’s pause is indefinite, these contractors may be functionally out of work while the company continues its investigation into the risks posed by the breach.