Meta Pauses Work With Mercor as Data Breach Puts AI Industry Secrets at Risk.

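Summary:
Several leading AI companies urgently assess a security breach at a data partner, drawing attention to the security of the industry's data supply chain
According to foreign media reports, AI data service provider Mercor recently suffered a major security breach, which has triggered urgent security reviews and a reassessment of business relationships by its key customers, including leading global AI labs such as Meta, OpenAI, and Anthropic.
Mercor is reportedly one of the few vendors that provide core training-data generation services to OpenAI, Anthropic, and other companies. Through a large network of human workers, the company builds highly confidential, proprietary datasets tailored to AI labs. These datasets are a core part of the “recipe” for developing cutting-edge AI products such as ChatGPT and Claude; if leaked, their contents could expose key model training methods to competitors (including other AI labs in the US and China), so AI companies guard them closely.
Sources confirmed that Meta has indefinitely paused all of its projects with Mercor; affected contractors currently cannot log hours and are effectively out of work. OpenAI has not halted its existing projects, but it has opened an investigation into the risk that the incident exposed proprietary training data, and stressed that the matter does not affect its user data. Other major AI labs, including Anthropic, are also reassessing the scope of their work with Mercor.
Mercor confirmed to employees on March 31 that it had suffered a security incident, saying its systems were affected along with those of thousands of organizations worldwide. The investigation points to the hacking group TeamPCP, which recently launched a large-scale supply chain attack by tainting two version updates of the AI tool LiteLLM; Mercor is one of the known victims. The actual value of the leaked data, and whether it would really help competitors, remains unclear.
Notably, a group calling itself “Lapsus$” recently claimed to have breached Mercor and tried to sell data including a database of several hundred GB, nearly 1 TB of source code, and a large volume of video. But security researchers point out that multiple criminal operations currently misuse the “Lapsus$” name, and that, given the LiteLLM connection Mercor confirmed, the attacker is more likely TeamPCP or an affiliated group. The group is driven mainly by financial gain, but its recent activity has also touched on geopolitics, for example launching data-wiping worm attacks against cloud instances with a particular language or time zone.
The incident highlights the fragility and extreme sensitivity of the AI industry's data supply chain. Mercor and its peers (such as Surge and Scale AI) have long been known for extreme secrecy, rarely disclosing the specifics of their services and even using codenames internally to refer to projects. The breach has not only stalled joint projects but also forced the whole industry to re-examine its security dependence on third-party data providers. As the AI race intensifies, the security of core training data has become a strategic risk the industry cannot ignore.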
English source:
Meta has paused all its work with the data contracting firm Mercor while it investigates a major security breach that impacted the startup, two sources confirmed to WIRED. The pause is indefinite, the sources said. Other major AI labs are also reevaluating their work with Mercor as they assess the scope of the incident, according to people familiar with the matter.
Mercor is one of a few firms that OpenAI, Anthropic, and other AI labs rely on to generate training data for their models. The company hires massive networks of human contractors to generate bespoke, proprietary datasets for these labs, which are typically kept highly secret as they’re a core ingredient in the recipe to generate valuable AI models that power products like ChatGPT and Claude Code. AI labs are sensitive about this data because it can reveal to competitors—including other AI labs in the US and China—key details about the ways they train AI models. It’s unclear at this time whether the data exposed in Mercor’s breach would meaningfully help a competitor.
While OpenAI has not stopped its current projects with Mercor, it is investigating the startup’s security incident to see how its proprietary training data may have been exposed, a spokesperson for the company confirmed to WIRED. The spokesperson says that the incident in no way affects OpenAI user data, however. Anthropic did not immediately respond to WIRED’s request for comment.
Mercor confirmed the attack in an email to staff on March 31. “There was a recent security incident that affected our systems along with thousands of other organizations worldwide,” the company wrote.
A Mercor employee echoed these points in a message to contractors on Thursday, WIRED has learned. Contractors who were staffed on Meta projects cannot log hours until—and if—the project resumes, meaning they could functionally be out of work, a source familiar claims. The company is working to find additional projects for those impacted, according to internal conversations viewed by WIRED.
Mercor contractors were not told exactly why their Meta projects were being paused. In a Slack channel related to the Chordus initiative—a Meta-specific project to teach AI models to use multiple internet sources to verify their responses to user queries—a project lead told staff that Mercor was “currently reassessing the project scope.”
An attacker known as TeamPCP appears to have recently compromised two versions of the AI API tool LiteLLM. The breach exposed companies and services that incorporate LiteLLM and installed the tainted updates. There could be thousands of victims, including other major AI companies, but the breach at Mercor illustrates the sensitivity of the compromised data.
Mercor and its competitors—such as Surge, Handshake, Turing, Labelbox, and Scale AI—have developed a reputation for being incredibly secretive about the services they offer to major AI labs. It’s rare to see the CEOs of these firms speaking publicly about the specific work they offer, and they internally use codenames to describe their projects.
Adding to the confusion around the hack, a group going by the well-known name Lapsus$ claimed this week that it had breached Mercor. In a Telegram account and on a BreachForums clone, the actor offered to sell an array of alleged Mercor data, including a 200-plus GB database, nearly 1 TB of source code, and 3 TBs of video and other information. But researchers say that many cybercriminal groups now periodically take up the Lapsus$ name and that Mercor’s confirmation of the LiteLLM connection means that the attacker is likely TeamPCP or an actor connected to the group.
TeamPCP appears to have compromised the two LiteLLM updates as part of an even larger supply chain hacking spree in recent months that has been gaining momentum, catapulting TeamPCP to prominence. And while launching data extortion attacks and working with ransomware groups, such as the group known as Vect, TeamPCP has also strayed into political territory, spreading a data wiping worm known as “CanisterWorm” through vulnerable cloud instances with Farsi as their default language or clocks set to Iran’s time zone.
“TeamPCP is definitely financially motivated,” says Allan Liska, an analyst for the security firm Recorded Future who specializes in ransomware. “There might be some geopolitical stuff as well, but it’s hard to determine what’s real and what’s bluster, especially with a group this new.”
Looking at the dark-web posts of the alleged Mercor data, Liska adds, “There is absolutely nothing that connects this to the original Lapsus$.”
Article link: https://news.qimuai.cn/?post=3720