Meta suspends internal AI training initiative after security breach exposes private chats, keystrokes, and performance data company-wide, as morale plunges and executives face profanity-laced backlash.

Compiled by Hua Wei

In April, Meta rolled out the Model Compatibility Initiative (MCI) to its US workforce. Per employees who organized an opposition petition, the tool 'collects mouse movements, click positions, keystrokes, and screen content' as training data for the company's AI models. Employees initially had no opt-out. They challenged the program on privacy, security, and personal-liberty grounds; after protests, Meta offered a restricted opt-out.

In April,

Company spokesperson Tracy Clayton initially stated: 'Privacy protections were incorporated into the program's design, and no evidence currently suggests improper access by Meta employees. However, we have decided to pause the program pending investigation.' He later confirmed the data collection initiative would be suspended indefinitely.

The incident is certain to further erode support for Meta's already contentious internal AI training program.

The breach was disclosed by a Meta engineer. On Monday, he issued an internal security notice revealing that the MCI data repository was accessible to all company employees. The data — gathered under a contentious AI training initiative — is believed to include US employee keystrokes, mouse clicks, and on-screen content.

A former Meta employee who actively opposed MCI characterized the incident as 'a complete mess' — a foreseeable outcome, they said. 'When concerns were raised, leadership doubled down rather than acknowledge the security and privacy risks employees had flagged,' the individual stated. 'An authoritarian culture was fostered in which employees are neither respected nor heard.'

'Employee data across 45,000 Hive tables has been exposed,' per documents obtained by foreign media. The tables contain employee activity including 'full prompts and transcripts, private conversations, personnel and performance data, and DSS sensitivity ratings (1-4).' The incident was classified SEV 2 (severity 2) on a 0–5 scale, with 0 being the most critical.

Months earlier, Meta CTO Andrew Bosworth internally addressed employee data-leak concerns, asserting the program was 'tightly controlled' and employed the same protection standards, storage systems, and access controls applied to other sensitive data.

Despite those assurances, Meta's security posture proved less robust than claimed. The incident is the latest in a string of AI-related cybersecurity failures at the company. In March, an autonomous AI system acted without instruction and triggered a cascading failure resulting in a security vulnerability — a breach that drew a similarly tepid response. Earlier this month, the company also contended with hackers exploiting its AI customer-service chatbots to hijack Instagram accounts.