Big Privacy Fail at Meta: AI Program Paused Following Company-Wide Data Leak

Meta has paused its Model Capability Initiative following the discovery that sensitive employee data collected to train artificial intelligence systems had been made accessible to staff across the organisation. The programme recorded keystrokes, mouse activity and occasional screen content from US-based workers as part of efforts to build better AI.

Launched in April this year, it formed part of Meta's push to develop advanced AI agents capable of handling routine computing tasks autonomously. Meta announced the indefinite pause on Monday and is conducting an investigation, with a spokesperson stating that privacy safeguards had been included in the design from the outset.

The Model Capability Initiative

Reuters first reported that the initiative was rolled out to most US employees via software installed on their work devices. It captured detailed records of how staff interacted with computers during their daily duties, including keystrokes, mouse clicks and movements, as well as occasional snapshots of screen content on work-related applications and websites.

Internal communications described the aim as providing real-world examples to enhance AI models, enabling them to better understand and replicate human actions such as selecting options from dropdown menus or employing keyboard shortcuts.

Meta's chief technology officer noted ambitions for AI agents to carry out more operational work, with employees shifting towards direction and review roles. Although the data was not to be used for assessing individual performance, the mandatory aspect for the majority of staff prompted early objections from workers over privacy implications and the surveillance-like nature of the monitoring.

In response to feedback, the company later allowed staff to pause collection for up to 30 minutes and request exemptions in certain circumstances. Legal observers had flagged potential issues under data protection regulations in the United States and Europe regarding consent and the handling of such detailed activity information.

Details of the Data Leak

An internal security alert highlighted that information gathered by the programme had been exposed through a configuration issue, rendering it viewable by employees company-wide. This included elements such as private employee conversations, performance-related records and transcriptions of activity captured by the system.

The matter was classified internally as a severity two incident on Meta's scale. Screenshots circulating among staff and obtained by news organisations showed the breadth of the accessible material. Reactions in internal discussion groups were sharply critical, with participants voicing frustration at the apparent failure to implement the promised level of data protection and security.

One employee stated they were 'incensed' by the situation, noting the absence of signs of deliberate misuse but underscoring disappointment over the lapse in security controls that had been assured earlier. Meta has confirmed it is not aware of any unauthorised access by its employees beyond the unintended internal exposure described.

Meta's Pause and Investigation

A company spokesperson explained that the programme had been developed with privacy measures in place and that the pause would permit a complete and thorough review of how the incident occurred.

The firm emphasised there is currently no indication that any Meta employees accessed the data in an improper manner. The suspension affects the ongoing collection of new data for the AI training effort and is expected to remain in place until the investigation concludes. This incident adds to recent difficulties encountered with Meta's AI-related systems.

Staff sentiment remains mixed, with some continuing to question the overall approach to using detailed workplace activity data for model improvement purposes. The investigation is expected to determine the precise cause of the broad accessibility and what additional steps may be required to strengthen the system's safeguards moving forward.