AI
[SC] Supply Chain
LiteLLM PyPI Supply Chain Attack - Mercor AI Breach (TeamPCP / Lapsus$)
Incident Details
On March 27, 2026, TeamPCP (a threat group also linked to the European Commission cloud breach) compromised PyPI publishing credentials for LiteLLM, a widely used open-source library for calling AI/LLM APIs. Malicious versions were published to PyPI, enabling downstream compromise of users. Mercor (a $10B AI data training startup) was a confirmed victim: attackers exfiltrated approximately 4 TB of data including 939 GB of platform source code, a 211 GB user database, and 3 TB of storage (video interviews and identity verification passport data for candidates). Lapsus$ subsequently claimed responsibility and auctioned data on dark web forums. Meta indefinitely paused work with Mercor. Five contractors filed lawsuits. TeamPCP is also attributed to the March 2026 European Commission AWS breach via the Trivy tool compromise.
Technical Details
- Initial Attack Vector: TeamPCP (linked to Lapsus$) compromised the PyPI publishing credentials for the LiteLLM open-source AI API library, injecting malicious code into two versions on March 27, 2026; downstream victim Mercor was compromised via the backdoored package
- Vendor / Product: LiteLLM (open-source AI/LLM API library); PyPI (Python package registry)
- Software Package: LiteLLM
- Supply Chain Attack: ✅ Confirmed third-party / vendor compromise
Timeline
- 2026-03-27 Breach occurred
- 2026-03-31 Publicly disclosed
- 2026-04-01 Customers notified