Mercor, a $10 billion AI startup that provides training data to major AI companies including OpenAI and Anthropic, confirmed a major data breach that may have exposed sensitive customer and user information. The incident has been linked to a supply chain attack involving LiteLLM, an open-source library used to connect applications to AI services. Mercor said it moved promptly to contain and remediate the issue and is conducting a third-party forensics investigation. The breach underscores that higher education and research organizations integrating AI tooling may inherit upstream risks from widely used libraries and vendor ecosystems.