After the data breach, $10B worth of startup Mercor has a month to go

Six months ago, Mercor was flying high after raising a $350 million Series C round which valued the AI ​​data learning startup at $10 billion. But after he agreed on March 31 that it was the target of the data breachthe company has been facing problems all over the world.

Since then, the hacker group has reportedly recovered 4TB of stolen data from Mercor’s systems, including personal information, personal information, employer information, source code, and API keys. Mercor has not commented on the validity of the data, only reiterating that it is investigating and “will continue to communicate with our customers and contractors directly as it should be and provide the necessary solutions to solve the problem as soon as possible.”

Mercor said the data breach was The result of the hack of the open source tool LiteLLM. This tool is so popular that it is downloaded hundreds of times a day. For 40 minutes, the tool had a history of harvesting malware – malicious software that can steal login credentials. The information was used to find more apps and accounts, which they used to harvest more information, and so on.

Although there has been no official confirmation of the amount of data taken from Mercor, there have been similar results. Meta has suspended its contracts with Mercor indefinitely, sources told Wired. (Mercor declined to comment to TechCrunch about this.)

Like other data-driven AI training companies, Mercor maintains the modelers’ biggest trade secrets: the data sets and methods they use to train their models. This is very important to them that even after Meta became $14.3 billion for the Mercor Scale AI competitioncontinued to work with Mercor.

On the side of good news for Mercor (maybe…we’ll see): OpenAI also confirmed to Wired that it is investigating its exposure to Mercor’s breach, but said it has not stopped or terminated its contracts at that time. However, TechCrunch has heard from several sources that other major model manufacturers may also be weighing their relationship with Mercor after the breach, although we have not confirmed enough information to name them yet.

Meanwhile, five Mercor contractors have filed lawsuits, Business Insider reportson what they think they have data on. Either these suits represent a serious threat or they are just opportunistic and the problem is out of sight. (Mercor declined to comment.)

One lawsuit, reviewed by TechCrunch, named LiteLLM and Delve as defendants. This is wild, and maybe a stretch, but here’s the connection: LiteLLM used AI Delve’s tracking to get its security credentials. Delve has been accused is an unidentified person who allegedly falsifies security information and uses rubber-stamp auditors.

Security assurance does not directly prevent hackers from launching successful attacks, but rather aims to ensure that companies have measures in place to mitigate such threats.

Although Delve denied these claims when they introduced the system changes, it became a self-inflicted world, until Y Combinator cut ties and company.

The cost of LiteLLM replied Delve and is now working on restarting AI tracking to regain its security credentials. LiteLLM was also published full report in security situations.

But Mercor itself was not a Delve customer, the company confirmed to TechCrunch. If, however, Mercor’s downfall continues, more money could be at risk. The company said it expected to hit $1 billion in annual revenue earlier this year before the data came out, an anonymous source told The Information.