Hackers Stole 4 Terabytes From the Startup That Trains OpenAI, Anthropic and Meta. It Took One Poisoned Library.
Mercor, the $10B AI data startup, confirms Lapsus$ stole source code, passports, and video interviews via a single poisoned open source library.
The AI Post newsroom — delivering AI news at the speed of intelligence.
Here is the nightmare scenario that every AI company whispers about but nobody wants to say out loud: the startup that provides training data to OpenAI, Anthropic, and Meta just got gutted by hackers. And they did it by poisoning a single open source library.
Mercor, the $10 billion AI recruiting platform that connects domain experts to the biggest AI labs on the planet, confirmed this week that the notorious Lapsus$ hacking group stole 4 terabytes of data from its systems. That includes 939GB of platform source code, a 211GB user database, and 3TB of storage buckets containing video interviews and identity verification passports. Lapsus$ is now auctioning the entire haul on the dark web.
The attack vector is what should terrify every developer reading this. A hacking group called TeamPCP compromised the PyPI publishing credentials for LiteLLM, a widely used open source library that connects applications to AI services from OpenAI, Anthropic, and others. They injected a three-stage backdoor into versions 1.82.7 and 1.82.8. Because LiteLLM is downloaded millions of times per day, the malware spread across thousands of organizations before anyone noticed.
Think about that for a second. One poisoned library. Thousands of companies compromised. And the richest target in the blast radius happened to be the company that holds the training data, expert profiles, and identity documents for the people teaching AI to think.
Mercor says it was "one of thousands of companies" affected and has third-party forensics investigators on it. But the damage is done. Lapsus$, the same crew that previously hit Microsoft, Nvidia, and Samsung, reportedly breached Mercor through its Tailscale VPN after the initial LiteLLM compromise gave them credentials to work with.
The unconfirmed but deeply alarming part: reports circulating online suggest datasets used by some of Mercor's major AI customers, and information about those customers' secretive AI projects, may have been compromised. If true, this is not just a data breach. It is an intelligence breach at the heart of the AI arms race.
This is the supply chain problem that security researchers have been screaming about for years. The AI industry runs on open source. Open source runs on trust. And trust, it turns out, can be bought for the price of a stolen PyPI credential.
First reported by Fortune and TechCrunch. Mercor confirmed the breach via its official X account on March 31.