TechCrunch / Fortune | Security | 2026-04-27

40,000 AI Contractors' Voices Stolen — The LiteLLM Supply Chain Attack Exposes AI's Dirty Secret

Hackers stole 4TB of biometric data — voice samples, ID documents, and interview footage — from 40,000 AI contractors at Mercor, a $10B startup that trains AI for OpenAI, Anthropic, and Meta. The attack exploited a backdoored version of the open-source LiteLLM library, downloaded 95 million times per month.

## The Breach

In late March 2026, a threat actor known as TeamPCP compromised the PyPI publishing credentials for LiteLLM — an open-source AI API gateway used by millions of developers. They injected a three-stage malicious backdoor into versions 1.82.7 and 1.82.8, designed to harvest credentials and establish persistent system access. Mercor, which runs its AI training operations through LiteLLM, was one of the victims.

The stolen payload is roughly four terabytes. It includes voice recordings averaging two to five minutes per contractor — studio-clean audio paired with the same person's government ID, full name, email, work history, and Social Security number for U.S. workers. Video footage of interviews, including faces, voices, and screen shares, was also captured. For some contractors, the stolen data also included passports.

## Why This Is Different

Voice biometrics paired with identity documents is the combination that breach analysts have warned about for years. This data can be used for synthetic identity fraud, voice cloning for social engineering, and bypassing voice-authenticated systems. The 40,000 contractors affected aren't random users — they're the human labelers and evaluators who built the RLHF pipelines behind every major frontier model.

The attack vector — a poisoned open-source dependency downloaded 95 million times monthly — highlights a systemic vulnerability in the AI industry's infrastructure. LiteLLM is not a niche tool; it's the API proxy layer that thousands of AI companies rely on to route between providers like OpenAI, Anthropic, and Google.

## Fallout

Meta indefinitely paused all work with Mercor following the disclosure. Five contractor lawsuits have been filed. Mercor confirmed the breach in early April 2026, attributing it to the LiteLLM supply chain compromise. The company is valued at $10 billion and counts the major AI labs as clients — making this one of the most sensitive data breaches in AI industry history.

## What Developers Should Do

Any project using LiteLLM versions 1.82.7 or 1.82.8 should rotate all credentials immediately and audit access logs for the relevant period. Pin your dependency versions and check hash integrity on updates — standard supply chain hygiene that the AI industry has been slow to adopt.
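One way to run that check over a pip requirements file, as an added example that is not code from the article or from the LiteLLM project: it flags any `litellm` entry pinned to one of the two named versions, any entry without an exact `==` pin, and any entry without a `--hash=` value. The function names, the sample file, version `9.9.9` and the hash strings are constructed placeholders.

```python
import re

AFFECTED = {"1.82.7", "1.82.8"}  # the two versions the article names
REQ = re.compile(r"^([A-Za-z0-9][A-Za-z0-9._-]*)\s*(?:\[[^\]]*\])?\s*(.*)$")
PIN = re.compile(r"^===?\s*([^\s,]+)$")  # one exact '==' pin and nothing else

# Constructed sample; 9.9.9 and the hash value are placeholders.
SAMPLE = """\
LiteLLM[proxy]==1.82.8   # extras and mixed case still match
litellm>=1.80
litellm==9.9.9 \\
    --hash=sha256:bbbb
"""

def logical_lines(text):
    """Join backslash continuations; drop comments and blank lines."""
    buf = ""
    for raw in text.splitlines():
        line = re.sub(r"(^|\s)#.*$", "", raw).rstrip()
        if line.endswith("\\"):
            buf += line[:-1] + " "
            continue
        buf += line
        if buf.strip():
            yield buf.strip()
        buf = ""

def audit_requirements(text, package="litellm"):
    """Return (requirement, findings) for every line that names `package`."""
    results = []
    for line in logical_lines(text):
        m = REQ.match(line)  # option lines such as -r or --index-url do not match
        if not m or re.sub(r"[-_.]+", "-", m.group(1)).lower() != package:
            continue
        spec = m.group(2).split("--hash=")[0].split(";")[0].strip()
        pin = PIN.match(spec)
        findings = []
        if pin is None or "*" in pin.group(1):
            findings.append("unpinned")  # ranges and wildcards can drift
        elif pin.group(1) in AFFECTED:
            findings.append("affected-version")
        if "--hash=" not in line:
            findings.append("no-hash")
        results.append((line.split("--hash=")[0].strip(), findings))
    return results

if __name__ == "__main__":
    for requirement, findings in audit_requirements(SAMPLE):
        print(requirement, findings or ["ok"])
```

An empty findings list only means the entry is exactly pinned, hashed, and not one of the two named versions; it says nothing about what is already installed in an environment built before the pin was added.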

## Panel Takes

The Builder

Developer Perspective

This is the software supply chain attack the AI industry has been warned about for years and collectively ignored. A poisoned LiteLLM version touched millions of projects. If you haven't pinned your AI gateway dependencies and verified hashes, you're still vulnerable to the next one.

The Skeptic

Reality Check

The AI training data supply chain is one giant unregulated mess of contractors, middlemen, and open-source tooling with no security audits. Mercor is the breach that made the news — but how many smaller contractors and labeling shops have been quietly compromised and don't know it yet?

The Futurist

Big Picture

The AI industry's dependence on a fragile web of open-source infrastructure — LiteLLM, LangChain, vector DBs — without enterprise-grade security practices is a fundamental vulnerability. Expect regulation or a major incident (possibly this one) to force a reckoning with AI supply chain security standards.
