Source: Fortune
Summary
Mercor, a $10 billion-valued AI startup, confirmed a security breach that may have exposed sensitive company and user data. The breach was linked to a supply chain attack involving LiteLLM, a widely used open-source library for connecting applications to AI services. Mercor recruits experts to provide data to improve AI models for customers like Anthropic, OpenAI, and Meta. The company says it has moved promptly to contain and remediate the incident, with a third-party forensics investigation underway.
Our Reading
The numbers tell one story. Mercor’s security incident may have exposed sensitive data from its customers, including Anthropic, OpenAI, and Meta. The breach was linked to a supply chain attack on LiteLLM, a tool used by developers to plug their applications into AI services. TeamPCP, a hacking group, planted malicious code inside LiteLLM, which was downloaded millions of times per day. Mercor’s $10 billion valuation and high-profile customers make this incident a significant concern.
When a startup with a $10 billion valuation says “the privacy and security of our customers and contractors is foundational to everything we do,” it sounds like a promise that’s already been broken.
Author: Evan Null
