Workers are suing the $10 billion AI startup Mercor for allegedly collecting and exposing their personal data. Mercor, known for collaborations with OpenAI, Anthropic, and Meta, disputes these allegations. This lawsuit comes in the wake of a significant security incident involving a supply-chain attack on LiteLLM, a popular open-source library used for AI services. The breach has been attributed to the TeamPCP hacking group, which deployed malicious code that harvested credentials and compromised multiple companies, including Mercor.

Meta: Meta operates leading AI research and development initiatives. It worked with Mercor on AI training data in connection with the confirmed security incident.
Mercor: Mercor is an AI startup that provides training data to major AI companies. It confirmed being affected by a supply-chain attack on LiteLLM, an open-source library, leading to a security breach that potentially exposed sensitive company and user data. The company has remediated the incident and initiated a third-party forensics investigation.
OpenAI: OpenAI develops advanced AI models and services. It is one of Mercor’s customers that received training data from the startup amid the recent security breach involving LiteLLM.
Anthropic: Anthropic builds safe and reliable AI systems. It collaborated with Mercor for training data services during the period of the LiteLLM supply-chain attack.

`json
{
“Data Exposure”: “Lapsus$ published samples of allegedly stolen Mercor data, including Slack communications and internal videos.”,
“Security Incident”: “Mercor was hit by a supply-chain attack on LiteLLM, a widely used open-source library for AI service connections. The breach is linked to vulnerabilities found within the LiteLLM library, as detailed by Mercor’s recent forensic investigation.”
}
`