Mercor, a $10 billion AI startup that supplies training data to major model providers including OpenAI and Anthropic, confirmed a major data breach. The incident was linked to a supply-chain attack involving LiteLLM, a widely used open-source library for connecting applications to AI services. Mercor said it is one of “thousands of companies” affected by the LiteLLM supply-chain compromise and that it is working with third-party forensics while containing and remediating the incident. The company also emphasized that customer and contractor privacy is foundational to its operations.

The breach matters for higher education because universities increasingly rely on AI vendor ecosystems—often integrating open-source tooling through campus apps, research pipelines, and third-party services. This development raises immediate institutional action items: review AI vendor contracts for security obligations, audit integrations using open-source LLM gateways, and update data-handling controls for research and student-facing systems.