India has a two-sided data problem. And both sides are getting worse simultaneously.
Late March 2026. A threat actor group poisoned two versions of LiteLLM — an open-source Python library downloaded 97 million times a month. The malicious versions were live for less than an hour. That was enough.
Mercor, a $10 billion AI startup serving OpenAI, Anthropic, and Meta, confirmed it was among thousands of companies hit. ~4TB of data exposed: contractor identities, video interviews, source code, API keys. Five lawsuits filed. Meta paused all work with them indefinitely. A company tracking toward $1B in annualized revenue is now doing damage control.
Mercor didn't even build LiteLLM. They just used it.
This is not a story about a reckless company cutting corners. It's a story about what happens when AI infrastructure becomes load-bearing — and how fast the consequences compound.
If you're running a business in India, read this carefully.
Problem 1: Most organizations still don't understand what DPDPA actually means for them
The Digital Personal Data Protection Act (DPDPA) has been in motion since 2023. The Rules were notified in November 2025. The Data Protection Board is operational. Full enforcement kicks in by May 2027, which sounds comfortable until you realize that compliance programs, vendor assessments, and internal restructuring take months that most organizations are not spending.
The penalty structure deserves more attention than it's getting:
- Failure to implement reasonable security safeguards: up to ₹250 crore
- Failure to notify the Board and affected individuals of a breach: up to ₹200 crore
- Any other violation: up to ₹50 crore per instance
Unlike GDPR, these are not percentage-of-turnover caps. They are fixed maximums. Multiple violations attract cumulative penalties: a single incident involving both a safeguards failure and a missed notification could, in principle, attract up to ₹450 crore. And the Board has discretion on where within each range it lands, which means the quality of your controls, your documentation, and your response posture all matter at adjudication time.
Most DPOs and CISOs I speak to know the law exists. Far fewer have pressure-tested their actual exposure — especially when it comes to data processors, third-party vendors, and the tools their employees use every day.
Problem 2: AI has materially changed the data risk surface, and most threat models haven't caught up
This is where it gets uncomfortable.
The question organizations ask: "Have we deployed AI?" For many, the answer is still no. That answer creates a false sense of security.
The question that actually matters: "Are our employees using AI?" The answer to that is almost certainly yes.
Shadow AI — employees using consumer-grade AI tools outside any organizational visibility or control — is not a future risk. It is a present one. People are pasting customer data into AI tools to draft emails, uploading contracts for summaries, using coding assistants that send snippets to external servers. None of this shows up in DLP logs. None of it goes through vendor review. And almost none of it is being caught.
The Mercor breach was a sophisticated supply chain attack: external, targeted, technically complex. The data exposure risk from Shadow AI is usually far more mundane: an employee who doesn't realize that the free AI tool they're using retains inputs for model training. Or that the team adopted the tool without IT review. Or that clearing conversation history is not the same as data deletion.
Why these two problems are worse together
AI adoption — sanctioned or not — increases the probability of data leaving your perimeter. The channels are broader, the behavior is habitual rather than deliberate, and visibility is close to zero.
DPDPA has simultaneously raised the cost of that data leaving. A breach that previously meant reputational damage and some churn now carries mandatory notification obligations and regulatory consequences running into the hundreds of crores.
Higher probability of breach. Higher cost of breach. The intersection is not abstract. It's a calculable exposure that boards should be asking their CISOs to quantify, and most CISOs haven't been asked yet.
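The shape of that calculation is simple enough to sketch. Every number below is an illustrative placeholder, not an estimate; a real model would use your own breach-likelihood data and counsel's view of likely adjudicated amounts, which in most scenarios sit well below the statutory caps.

```python
# Toy model of combined DPDPA regulatory + incident exposure.
# All inputs are illustrative placeholders -- substitute your own
# breach-likelihood estimates and expected adjudicated penalties.

CRORE = 10_000_000  # 1 crore = 10 million INR


def annualized_exposure(p_breach: float,
                        p_notification_failure: float,
                        safeguards_penalty: float,
                        notification_penalty: float,
                        incident_costs: float) -> float:
    """Expected annual loss: probability-weighted penalties plus response costs."""
    regulatory = p_breach * (
        safeguards_penalty + p_notification_failure * notification_penalty
    )
    return regulatory + p_breach * incident_costs


# Hypothetical numbers, purely to show the mechanics:
exposure = annualized_exposure(
    p_breach=0.10,                    # 10% chance of a reportable breach this year
    p_notification_failure=0.25,      # chance the breach is also mishandled
    safeguards_penalty=50 * CRORE,    # assumed adjudication, well under the 250 cap
    notification_penalty=40 * CRORE,  # assumed adjudication, well under the 200 cap
    incident_costs=15 * CRORE,        # forensics, counsel, churn, remediation
)
print(f"Expected annual exposure: ₹{exposure / CRORE:.1f} crore")  # ₹7.5 crore
```

Even with deliberately modest inputs, the number that falls out is the kind boards notice.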
The Mercor story adds one more dimension: reputation risk moves faster than legal risk. Meta paused work with Mercor before any regulatory finding. Customer trust built over years was called into question in days. Indian organizations handling personal data at scale are not structurally different.
What this means in practice
A few things worth sitting with:
On DPDPA: May 2027 is not a deadline to start. It's a deadline to be done. The Board is operational and complaints can be filed today. If you haven't mapped data flows, assessed processors, and tested breach notification readiness — you are already behind.
On Shadow AI: Blanket bans have failed everywhere they've been tried. They just drive usage underground. The answer is a governed AI framework that employees will actually use, with monitoring that gives visibility into what's happening at the edges.
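What that visibility can look like at its simplest: a periodic scan of egress logs for traffic to known consumer AI endpoints. The domain list and CSV log format below are assumptions for illustration; in practice you would feed this from whatever proxy or DNS logging you already run.

```python
# Minimal sketch: flag outbound requests to consumer AI tools in a proxy log.
# The domain list and log format are illustrative assumptions -- adapt both
# to your own egress logging (secure web gateway exports, DNS resolver logs, etc.).

import csv
from collections import Counter

AI_TOOL_DOMAINS = {
    "chatgpt.com",
    "chat.openai.com",
    "claude.ai",
    "gemini.google.com",
    "perplexity.ai",
}


def shadow_ai_report(log_path: str) -> Counter:
    """Count requests per (user, domain) pair for known AI endpoints.

    Assumes a CSV proxy log with 'user' and 'host' columns.
    """
    hits: Counter = Counter()
    with open(log_path, newline="") as f:
        for row in csv.DictReader(f):
            host = (row.get("host") or "").lower()
            if any(host == d or host.endswith("." + d) for d in AI_TOOL_DOMAINS):
                hits[(row.get("user") or "unknown", host)] += 1
    return hits


if __name__ == "__main__":
    for (user, host), count in shadow_ai_report("proxy.csv").most_common(10):
        print(f"{user:<20} {host:<25} {count:>5} requests")
```

The point of a report like this is not surveillance. It's knowing which tools to bring inside the governed framework first.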
On the intersection: AI governance and data protection compliance need to be a single program, not parallel workstreams. The data that matters for DPDPA is the same data employees are feeding into AI tools. The risk model needs to reflect that.
On supply chain: Your data protection posture is only as strong as the weakest link in your dependency chain. If you use AI infrastructure — APIs, open-source libraries, third-party model providers — those dependencies carry risk that needs to be assessed, not assumed away.
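One concrete control against a LiteLLM-style poisoning is hash pinning: pip can refuse to install any artifact whose hash doesn't match what you recorded, so a maliciously republished version fails closed. A minimal sketch, with a placeholder hash rather than a real one:

```
# requirements.txt -- every dependency pinned to an exact version and artifact hash.
# Generate real hashes with `pip hash <wheel>` or pip-tools' `pip-compile --generate-hashes`.
litellm==1.0.0 \
    --hash=sha256:<placeholder>
```

Installing with `pip install --require-hashes -r requirements.txt` then rejects anything that doesn't match, including a package that was swapped out underneath you for less than an hour. Note that this mode requires hashes for every dependency, transitive ones included, which is why a lockfile generator is the practical route.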
There's a version of this conversation that becomes alarmist and unhelpful. That's not what this is.
Two major risk vectors — regulatory exposure from DPDPA and data leakage from AI adoption — are converging in a way that most Indian organizations have not yet connected. Both were visible before Mercor. Mercor just made the picture harder to ignore.
The time to take this seriously is before the incident.