Overview
- Meta paused work with Mercor in a move WIRED reported as indefinite, and other AI labs are reviewing their ties to the contractor.
- Mercor says it was caught in a LiteLLM supply-chain attack and moved to contain the incident with third-party forensics as one of thousands affected.
- Attackers pushed malicious LiteLLM releases 1.82.7 and 1.82.8 to PyPI using stolen maintainer credentials, and those versions were live for about 40 minutes.
- Researchers point to cybercriminal group TeamPCP as the likely culprit, while a group using the Lapsus$ name claimed responsibility but that link remains unverified.
- OpenAI has not halted projects with Mercor but is checking for exposure of proprietary training datasets and says no user data was affected.
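A practical check prompted by the releases bullet above: scan pip-style requirement lines for the two LiteLLM versions the report names (1.82.7 and 1.82.8), flagging exact pins to a bad release and open-ended or missing constraints that would let a resolver pick one up. This is an added example, not code from the article, Mercor or the LiteLLM project; the requirement lines used for testing are constructed and the version set is the only fact taken from the text.

```python
# Added example: flag requirement lines that pin or admit the LiteLLM releases
# named in the report (1.82.7 and 1.82.8). Not from the article or LiteLLM.
import operator
import re

KNOWN_BAD = ("1.82.7", "1.82.8")   # versions named in the report above
PACKAGE = "litellm"

_NAME = re.compile(r"^\s*([A-Za-z0-9][A-Za-z0-9_.-]*)\s*(\[[^\]]*\])?\s*(.*)$")
_SPEC = re.compile(r"^(===|==|~=|>=|<=|!=|>|<)\s*([0-9][0-9A-Za-z.]*)$")
_OPS = {"==": operator.eq, "===": operator.eq, "!=": operator.ne, ">=": operator.ge,
        ">": operator.gt, "<=": operator.le, "<": operator.lt}

def _v(s):
    # Dotted release string -> tuple of ints; pre-release tags are ignored.
    return tuple(int(p) for p in re.findall(r"\d+", s))

def _satisfies(op, spec_ver, ver):
    a, b = _v(ver), _v(spec_ver)
    if op == "~=":   # compatible release: >= b and same prefix up to b's last part
        return a >= b and a[:len(b) - 1] == b[:-1]
    return _OPS[op](a, b)

def classify(line):
    """'pinned-bad', 'exposed', 'ok', or None when the line is not litellm."""
    body = line.split("#", 1)[0].split(";", 1)[0].strip()   # drop comment/marker
    m = _NAME.match(body)
    if not m or m.group(1).lower().replace("_", "-") != PACKAGE:
        return None
    parsed = []
    for spec in (s.strip() for s in m.group(3).split(",") if s.strip()):
        sm = _SPEC.match(spec)
        if not sm:
            return "exposed"      # wildcard or unparseable spec: treat as unconstrained
        parsed.append(sm.groups())
    if not parsed:
        return "exposed"          # bare 'litellm': resolver may choose any release
    admitted = [b for b in KNOWN_BAD if all(_satisfies(op, sv, b) for op, sv in parsed)]
    if not admitted:
        return "ok"
    if any(op in ("==", "===") for op, _ in parsed):
        return "pinned-bad"
    return "exposed"

def scan(lines):
    # Map each flagged requirement line to its verdict (ok/unrelated lines omitted).
    return {ln: v for ln in lines if (v := classify(ln)) in ("pinned-bad", "exposed")}
```

Run it over `pip freeze` output or a requirements file; a "pinned-bad" hit means the environment should be rebuilt from a clean index and treated as compromised, while "exposed" only means the constraint did not rule those releases out.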