Mercor, a $10 billion AI training-data startup serving customers including OpenAI, Anthropic, and Meta, confirmed a security breach that may have exposed sensitive customer and contractor information. The incident is linked to a supply chain attack involving LiteLLM, an open-source library used to connect applications to AI services. Mercor said it moved promptly to contain and remediate the incident and that a third-party forensics investigation is underway. Unconfirmed reports circulating online suggest datasets tied to some customers’ “secretive” AI projects may have been compromised. The breach is a direct compliance and cybersecurity warning for higher education AI initiatives: data governance now extends beyond university-built systems into third-party LLM connectors and vendor toolchains.