Meta Suspends Mercor Partnership Amid Strategic Review

All cooperation between Meta and Mercor has been put on hold indefinitely. It follows confirmation of a security compromise by the $10 billion AI data contracting startup, which may have exposed confidential training data belonging to some of the world's most renowned AI labs. A media report states that two sources have verified Meta's decision and have characterised it as indefinite.

The revelation has caused quite a stir in the AI research community. However, other laboratories, such as OpenAI and Anthropic, are attempting to assess the gravity of the breach and discover whether any of their own datasets, which are quite valuable, have been compromised.

Responses from Mercor

On March 31, Mercor notified its employees via email of the attack. According to the company's statement, thousands of other organisations around the world were also impacted by a recent security breach. Due to the sensitive nature of the data involved, the Mercor incident has garnered particular attention, but the breach might affect thousands of people. Although Meta has put a complete stop to all operations, OpenAI is still working on projects with Mercor and is looking into the matter to find out how its confidential training data got disclosed. The compromise does not impact OpenAI user data in any way, according to an OpenAI spokeswoman.

No one has explained the holdup to the contractors working on projects connected to Meta. Staff were advised by a project lead in a Chordus Slack channel that Mercor was reevaluating the project scope at the moment. A data broker known as Mercor mediates all data agreements between businesses such as OpenAI and Anthropic. By drawing on extensive human networks and data sets, it builds specialist datasets—what these AI businesses see as their most confidential  IP.ific that they employ to hone their models.

Who is Behind the Attack?

An organisation known as TeamPCP was associated with the breach. They are known to launch "supply-chain" attacks, which target libraries of commonly used software that developers utilise when creating their own code. In a separate development, the infamous extortion-focused hacking organisation Lapsus$ staked a claim to the breach and even published data samples it had acquired.

Data from the popular office messaging software Slack and ticketing systems were also included in the sample. In addition, two films were attached, which the company said showed chats between its artificial intelligence systems and contractors using its platform.