Meta halts Mercor AI training

Meta did not stop an AI project because a model failed. It stopped because a vendor got hacked. In the past week, Meta paused its work with Mercor, a fast-growing startup that supplies the human labor behind AI training, after Mercor confirmed a security incident tied to the open-source tool LiteLLM. A person familiar with the decision told Business Insider that Meta had paused work and was investigating. WIRED first reported that the pause was indefinite. (finance.yahoo.com) (wired.com) Mercor sits in a part of the AI business that is easy to miss because it looks less like science fiction than like staffing. The company recruits and manages large pools of contractors and specialists — including doctors, lawyers, scientists, and other domain experts — who review model outputs, write examples, grade answers, and help teach systems what a good response looks like. Mercor says it connects human expertise with leading AI labs and enterprises, and that its experts help train frontier models by supplying “knowledge, experience, and context that can’t be captured in code alone.” (mercor.com) (techcrunch.com) That setup means an AI training pipeline is not just GPUs and datasets. It is also payroll systems, interview videos, identity checks, Slack messages, tickets, and contractor records. When Mercor disclosed the breach, the blast radius was not limited to software. Mercor told TechCrunch and Business Insider that it was “one of thousands of companies” affected by a supply-chain attack involving LiteLLM, that its security team moved to contain the incident, and that outside forensics experts were investigating. Mercor did not say publicly whether customer or contractor data had been accessed or misused, but reports on the incident say the exposed material may have included contractor information and internal workflow data. (techcrunch.com) (finance.yahoo.com) (webpronews.com) The breach itself appears to have started one layer down, in the plumbing. LiteLLM is a widely used package that helps developers route requests across different AI models. Security researchers and LiteLLM’s own incident write-up say malicious versions 1.82.7 and 1.82.8 were uploaded to PyPI on March 24, 2026, after attackers compromised credentials in its release pipeline. Those poisoned versions were available only briefly before being quarantined, but the code was designed to steal credentials and other secrets from infected environments. Snyk said LiteLLM is downloaded about 3.4 million times per day. (docs.litellm.ai) (snyk.io) Mercor is not a small back-office contractor. In October 2025, it announced a $350 million Series C that valued the company at $10 billion. TechCrunch reported that Mercor facilitates more than $2 million in daily payouts. A company at that scale can become part of the operating system for several AI labs at once. When one vendor in that chain goes dark, the interruption can ripple outward fast. (mercor.com) (techcrunch.com) That is the part of this story worth holding onto. AI companies often describe training as if it were mostly a matter of bigger models and better chips. But the systems are also held together by ordinary corporate machinery and by thousands of people whose names, faces, voices, and bank details sit in somebody’s database. In Mercor’s case, a compromise in a software dependency appears to have reached all the way up to that human layer. Meta’s response was blunt: stop the work first, then figure out what was touched. (techcrunch.com) (finance.yahoo.com) The most concrete image in the reporting is not a server rack. It is two videos, reviewed by TechCrunch, that allegedly showed conversations between Mercor’s AI systems and contractors on its platform. The future of AI still looks a lot like a workplace. (techcrunch.com)