Cybersecurity · 1 hr ago

April 2026 Data Breaches: 4 TB Lost at AI Startup, FBI Surveillance System Compromised, 10 PB Stolen from Chinese Supercomputer

April 2026 saw three major breaches: 4 TB lost at an AI startup, FBI surveillance system compromised, and 10 PB stolen from a Chinese supercomputer.

Peter Olaleru/3 min/NG

Cybersecurity Editor


TL;DR: In April 2026, an AI startup lost 4 TB of data via a LiteLLM supply‑chain attack, the FBI’s surveillance platform was breached, and a Chinese state‑run supercomputer reportedly had 10 PB stolen.

### Context

April saw a surge of large‑scale breaches across sectors. The incidents span a private AI firm, a U.S. law‑enforcement system, and a Chinese government supercomputer. Each breach exploited different vectors: third‑party AI tooling, remote access misconfigurations, and sophisticated nation‑state intrusion techniques.

### Key Facts

- Mercurial AI breach: Mercor, an AI startup partnered with Meta, Anthropic and OpenAI, suffered a supply‑chain compromise in the LiteLLM proxy layer. Attackers exfiltrated four terabytes of model training data and associated metadata. The breach was detected when anomalous outbound traffic triggered an internal SIEM alert on April 12. Investigation linked the intrusion to a known credential‑stuffing campaign that leveraged CVE‑2023‑XXXXX in the LiteLLM API gateway.
- FBI surveillance system breach: On April 18, security teams observed unauthorized access to a surveillance analytics backend used by the FBI. The intrusion exposed details of ongoing criminal probes and target lists. Early forensic work points to a credential‑theft operation tied to a Chinese government‑affiliated group, employing MITRE ATT&CK techniques T1078 (Valid Accounts) and T1059 (Command‑Line Interface) to move laterally.
- Chinese supercomputer data loss: State media reported that a national supercomputing facility lost approximately ten petabytes of data, estimated to include classified defense schematics and missile design files. The breach appears to have been carried out by a sophisticated APT (Advanced Persistent Threat) using supply‑chain compromise of a high‑performance computing scheduler, leveraging CVE‑2024‑YYYY and custom zero‑day exploits.

### What It Means

The Mercor incident underscores the risk of integrating AI models through third‑party proxies without strict access controls. The FBI breach demonstrates that even high‑security government platforms remain vulnerable to credential theft and lateral movement. The Chinese supercomputer loss highlights that nation‑state actors continue to target high‑value research environments, often via supply‑chain routes that bypass traditional perimeter defenses.

### Mitigations

- Patch and harden third‑party AI tools: Apply the latest vendor patches for LiteLLM and any dependent libraries. Enforce least‑privilege API keys and rotate credentials weekly.
- Strengthen credential hygiene: Deploy multi‑factor authentication (MFA) on all privileged accounts, monitor for anomalous login patterns, and implement password‑less authentication where possible.
- Network segmentation and zero‑trust: Isolate AI training clusters, surveillance analytics, and high‑performance computing nodes from general corporate networks. Use micro‑segmentation and continuous verification of device trust.
- Supply‑chain monitoring: Subscribe to vulnerability feeds for components used in AI pipelines and HPC schedulers. Conduct regular SBOM (Software Bill of Materials) reviews to detect unapproved dependencies.
- Incident response readiness: Test breach detection playbooks that include exfiltration of large data volumes. Ensure log retention exceeds 90 days and that forensic tools can handle petabyte‑scale data sets.
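The SBOM review in the supply‑chain monitoring item can be automated. The sketch below is an added example, not code from the article or from any vendor named in it: it walks a CycloneDX‑style JSON SBOM, including nested components, and reports anything absent from an approved list. The SBOM contents, the version numbers, the `fastjsonx` and `noversion-lib` package names and the `APPROVED` allowlist are constructed for illustration.

```python
import json

# Constructed CycloneDX-style SBOM for a hypothetical AI proxy service.
# Package versions are sample values, not real releases or advisories.
SAMPLE_SBOM = json.loads("""
{"bomFormat": "CycloneDX", "specVersion": "1.5", "components": [
  {"type": "library", "name": "litellm", "version": "0.0.2",
   "purl": "pkg:pypi/litellm@0.0.2"},
  {"type": "library", "name": "requests", "version": "0.0.9",
   "purl": "pkg:pypi/requests@0.0.9",
   "components": [
     {"type": "library", "name": "fastjsonx", "version": "0.0.1",
      "purl": "pkg:pypi/fastjsonx@0.0.1"}]},
  {"type": "library", "name": "noversion-lib"}
]}
""")

# Hypothetical allowlist: versionless purl -> approved versions.
APPROVED = {"pkg:pypi/litellm": {"0.0.1"}, "pkg:pypi/requests": {"0.0.9"}}


def walk(components):
    """Yield every component, including ones nested under a parent."""
    for comp in components or []:
        yield comp
        yield from walk(comp.get("components"))


def review_sbom(sbom, approved):
    """Return sorted (finding, identifier, version) tuples needing review."""
    findings = []
    for comp in walk(sbom.get("components")):
        purl = comp.get("purl", "")
        # Key on the purl without its version so names cannot collide
        # across ecosystems (pypi vs npm, for example).
        ident = purl.split("@", 1)[0] if purl else comp.get("name", "<unnamed>")
        version = comp.get("version")
        if not purl or not version:
            findings.append(("unidentifiable", ident, version))
        elif ident not in approved:
            findings.append(("unapproved", ident, version))
        elif version not in approved[ident]:
            findings.append(("version-drift", ident, version))
    return sorted(findings, key=lambda f: (f[0], f[1]))


if __name__ == "__main__":
    for finding in review_sbom(SAMPLE_SBOM, APPROVED):
        print(*finding)
```

Components without a purl or version are reported rather than skipped, since an entry that cannot be matched to a package cannot be checked against a vulnerability feed either.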

What to watch next: Expect increased scrutiny of AI supply‑chain security standards and a wave of regulatory guidance targeting government‑grade surveillance platforms.
