According to sources familiar with the matter who spoke to media outlets, tech giant Meta has paused its collaboration with AI training startup Mercor and launched an investigation into recent data breach incidents at the latter. This move highlights that in the context of rapid large-scale language model development, security issues within the AI data supply chain have increasingly become a focal point for the industry. Since its founding, Mercor has focused on providing AI model training support for major technology companies by organizing numerous human annotators and domain experts to deliver high-quality training data for models. In October last year, during a funding round, the company reached a valuation of $10 billion and established partnerships with multiple tech firms including Meta. However, the turning point came amid a supply chain attack. Mercor confirmed it recently experienced a security vulnerability incident related to the open-source project LiteLLM. The scope of this attack was broad; according to Mercor, it affected "thousands of impacted companies," among which Mercor itself was one. In an official statement, Mercor emphasized that data privacy and security form the core foundation of its operations. The company stated that upon discovering the issue, its security team swiftly implemented containment measures and repairs while initiating a comprehensive investigation. Additionally, Mercor engaged third-party forensic experts to assist in analysis, aiming to assess the extent of impact and potential risks associated with the event. To date, Meta has yet to make any public comments regarding this matter. However, the decision to suspend cooperation is viewed as part of prudent risk management efforts, reflecting top-tier tech enterprises' heightened sensitivity toward data security concerns. Industry insiders note that as reliance on high-quality data deepens for AI models, data service providers like Mercor are becoming critical infrastructure nodes. Should vulnerabilities emerge within such supply chains, consequences could extend beyond compromised model training quality to include serious implications for privacy compliance and overall security risks. This incident may further drive technology companies to strengthen their scrutiny over AI outsourcing arrangements and data partners.