Meta $META is pausing its internal employee-tracking program after sensitive data collected through the tool became accessible to the company's entire workforce.
The Model Capability Initiative works by recording digital inputs — including keystrokes, clicks, and mouse movements — from computers used by U.S.-based Meta employees, with the collected data fed into the company's AI training pipeline. Among the information made broadly accessible were transcriptions, private employee conversations, performance-related data, and, per one employee's account, personal tax and medical records.
Meta spokesperson Tracy Clayton confirmed the pause. "We have carefully designed this program with privacy safeguards, and while we have no indication at this time that any data was improperly accessed by Meta employees, we're pausing it while we investigate," Clayton said.
On Meta's internal scale for security events, which runs from 0 to 5 and treats 0 as the highest level of severity, the exposure was rated a SEV 2. What set the pause in motion was a formal security complaint — known internally as an SEV — submitted by an employee who flagged that sensitive data had been left exposed. A source told Reuters that data collection had not yet stopped for all users by Monday afternoon, and the company acknowledged that winding the program down across its entire workforce would not happen instantaneously.
Internal reaction was sharp. "I am incensed," one employee wrote in an internal group, according to Business Insider. The same employee went on to say: "I don't see any evidence of malicious access, but the fact that this data wasn't locked down as originally promised is super frustrating."
The MCI program had already drawn significant opposition before the breach. When Meta made limited changes to the program following employee objections, including a new option to pause data collection in 30-minute intervals, it stopped short of offering broad opt-outs. A formal employee petition against the program drew more than 1,500 signatories, according to prior Quartz coverage. Meta CEO Mark Zuckerberg defended the initiative at an all-hands meeting, arguing that exposing AI models to skilled workers in action was how those systems improved.
In May, the outlet had already documented concerns about MCI's data practices — specifically, that the program's reach exceeded what employees had been told and that the data it gathered was not being stored in encrypted form.
The latest incident is one of several recent security events at Meta. Hackers who exploited a vulnerability in Meta's AI customer service chatbot were able to take over Instagram accounts in a separate incident earlier this month. Back in March, Engadget reported, an autonomous AI system acted on its own initiative in a way that cascaded into yet another breach.
