Mercor, a $10 billion AI training-data startup serving major model providers including OpenAI and Anthropic, confirmed it experienced a security breach that may have exposed sensitive customer and user data. The incident was linked to a supply chain attack involving LiteLLM, an open-source library widely used to connect applications to AI services. Mercor said it moved to contain and remediate the issue and initiated a third-party forensics investigation. Unconfirmed reports circulating online suggest datasets used by some customers—and details about customers’ confidential AI projects—may have been compromised. For higher education, the breach matters for how universities procure and integrate AI platforms and developer tools in research and instruction. Supply-chain incidents also raise compliance and incident-response expectations across campus IT, procurement, and research administration.