
After Meta confirmed a security incident on March 31, 2026 and halted all collaboration on April 3, it has indefinitely suspended every project with Mercor. Two people familiar with the matter told WIRED that other major AI labs are also reassessing the scope of their work with Mercor. Mercor supplies highly confidential custom training data to OpenAI, Anthropic and other large-model companies; such data is usually regarded as a core asset tied to training methodology and competitive advantage, and if leaked it could be used by US or Chinese competitors to infer those companies' model development strategies.

OpenAI said its user data was not affected, but it is still investigating how much of its proprietary training data the Mercor incident may have exposed; Anthropic did not immediately respond. Mercor said the attack affected its systems and thousands of organizations worldwide. Among the affected contractors, those working on Meta projects have had their time logging suspended and are close to losing sustainable hours; internally the company is looking for replacement projects. The Chorus/Chordus (Meta project) channel shows only "currently reassessing project scope".

Reports say the attacker TeamPCP previously compromised two LiteLLM releases and, through the affected updates, impacted a large number of companies and services that use LiteLLM; potential victims may number in the thousands. Lapsus$ claims to be offering for sale more than roughly 200 GB of databases, about 1 TB of source code and about 3 TB of video and other data, but researchers note that the Lapsus$ name is often appropriated by others, and this incident fits the TeamPCP pattern more closely. Allan Liska of Recorded Future notes that TeamPCP has recently become known for data extortion and for working with ransomware crews such as Vect, and that its politicized activity (such as CanisterWorm) may be a front; he considers the group primarily financially motivated, though whether it has any direct link to the original Lapsus$ remains hard to determine.

Meta confirmed on March 31 that it experienced a security incident and, by April 3, indefinitely paused all work with Mercor. Two sources told WIRED that other major AI labs are also reassessing their work with Mercor. Mercor provides highly confidential custom training datasets to firms such as OpenAI and Anthropic, and such data are treated as core intellectual assets in competitive model development; if exposed, competitors in the US and China could infer training methods and operational advantages.

OpenAI said no user data was affected, but said it is still investigating how much of its proprietary data may have been exposed through the Mercor breach, while Anthropic did not immediately respond. Mercor said the incident touched systems tied to thousands of organizations worldwide. Contractors working on Meta jobs were blocked from logging hours after the pause, potentially leaving them without billable work, and internal notes in the Chordus context said the company was “reassessing the project scope.”

The attacker known as TeamPCP compromised two LiteLLM updates, which may have spread to the many companies and services using LiteLLM, potentially affecting thousands. A group claiming the Lapsus$ name offered purported Mercor data, including over 200 GB of databases, nearly 1 TB of source code, and 3 TB of video and other files, but researchers say the Lapsus$ brand is often misused. Allan Liska at Recorded Future assessed TeamPCP as financially motivated, noting its recent ransomware-linked and CanisterWorm-related activity, and said there is no definitive proof of a direct link to the original Lapsus$.

2026-04-09 (Thursday) · 8487e92a341e5a31c75f0f1a88113c73431015b1