Thursday, April 2

Twin cybersecurity incidents leave AI industry shaken


The AI industry is dealing with the fallout from two security incidents this week that exposed customer data at Mercor and source code at Anthropic (ANTH.PVT).

Mercor was hit via a supply chain attack related to an open-source project called LiteLLM. As a result, the hacking group Lapsus$ said it gained access to Mercor’s customer data, TechCrunch reported.

Mercor uses experts in different fields to train related AI models. Its customers include the likes of OpenAI (OPAI.PVT) and Anthropic.

In a post on X, Y Combinator president and CEO Garry Tan said the hack puts an “incredible amount of [state-of-the-art] training data” from “every major lab” worth billions of dollars online, making it easily accessible to rivals like China and creating a national security problem.

FILE - Dario Amodei, CEO and co-founder of Anthropic, attends the annual meeting of the World Economic Forum in Davos, Switzerland, Jan. 23, 2025. (AP Photo/Markus Schreiber, File)
Anthropic CEO and co-founder Dario Amodei attends the annual meeting of the World Economic Forum in Davos, Switzerland, on Jan. 23, 2025. (AP Photo/Markus Schreiber, File) · ASSOCIATED PRESS

Anthropic’s own source code leak, meanwhile, was related to human error, the company told the Wall Street Journal, meaning it wasn’t the victim of a hack or other form of cybersecurity attack.

And while the incident didn’t involve the kind of data that powers Anthropic’s Claude, it did include information such as how the company can talk the AI into performing certain tasks.

Anthropic has since issued several copyright takedown requests to have the leaked data removed from code-sharing site GitHub.

The problem for Anthropic is that once its code is on the internet, it’s out there forever, potentially giving malicious actors the means to attack the AI in the future.

Marc Andreessen, co-founder of Andreessen Horowitz, wrote in his own post on X that the incidents mark the end of the AI industry’s “we’ll lock it up” approach to cybersecurity.

It’s inevitable that an AI company will face some kind of cybersecurity issue during its lifetime, but the fact that the Mercor attack and Anthropic leak occurred in such quick succession heightens the drama for the tech industry.

Sign up for Yahoo Finance's Week in Tech newsletter.
Sign up for Yahoo Finance’s Week in Tech newsletter. · Yahoo Finance

Email Daniel Howley at dhowley@yahoofinance.com. Follow him on Twitter at @DanielHowley.

Click here for the latest technology news that will impact the stock market

Read the latest financial and business news from Yahoo Finance





Source link

Leave a Reply

Your email address will not be published. Required fields are marked *