In April, Meta switched on a program that recorded how its own employees worked. Every keystroke, every mouse path, the contents of their screens, captured from US work laptops with no way to opt out. The stated goal was to teach Meta's AI how a human actually operates a computer. On June 22, the company paused the program, not because staff objected, but because the surveillance dataset had leaked to the entire workforce.

The program was built to learn from Meta's own staff

The tool is called the Model Capability Initiative, and Meta rolled it out internally in April. Its reasoning was specific. Today's AI models write fluent text but fumble the ordinary mechanics of software, clicking through menus, switching tabs, filling in forms. Meta decided the best teacher for that was its own workforce, so MCI began logging keystrokes and mouse clicks across Google, LinkedIn, Wikipedia, GitHub, Slack, and dozens of other sites and apps, along with periodic screenshots of employee screens.

Staff could not decline, and for most of the company participation was mandatory. Meta's chief technology officer confirmed the software shipped to US laptops with no opt-out, and the only relief was a button that paused recording for thirty minutes at a time. Then it switched back on.

One permissions error exposed everything it had collected

The failure did not come from an outside attacker. It came from a setting. A misconfiguration left the data MCI gathered readable by every employee in the company. An internal security notice, reviewed by Wired and detailed by Fast Company, put the exposed material across roughly 45,000 internal data tables: full AI prompts and transcriptions, private conversations, and performance records, all sitting in view of colleagues.

Meta logged the incident as a SEV 2. Its severity scale runs from 0 to 5, with 0 the most serious, which places this exposure third from the top, a major event by the company's own accounting.

The timeline reads as its own small indictment. Engineers spotted the exposure on June 18 and pushed a fix within four hours. The fix did not hold. Data stayed open to the whole company until a second notice went out on June 22, the day Meta finally suspended the program.

The workforce had warned this would happen

None of this caught the watched off guard. Before the leak, more than 1,600 employees signed an internal petition demanding the right to opt out and warning that the program carried serious security and regulatory risk. That second concern was not abstract: the tool also drew scrutiny over potential conflicts with European data-protection law. One Meta employee, quoted by Business Insider, wrote: "I am incensed," adding that the data "wasn't locked down as originally promised." Meta ran MCI anyway.

The company's public response is carefully worded. A spokesperson said Meta "carefully designed this program with privacy safeguards" and has "no indication" the data was improperly accessed, and is pausing the initiative "while we investigate." Leadership told staff it would re-enable MCI only once confident its data-protection controls work.

Why it matters

Strip away the specifics and a pattern shows through. The current push to build capable AI agents runs on behavioral data, not text scraped from the open web, but fine-grained recordings of how real people move through real software. That data is valuable because it is intimate. For the same reason, it turns radioactive the moment a single permission is set wrong.

Meta is not alone in collecting it. Every company training agents on human workflows is assembling a comparable archive, a high-resolution record of how its own people think and work. The MCI leak is a preview of what that archive looks like when it slips, and of who absorbs the damage. Not the executives, not the AI roadmap. The rank-and-file workers whose private chats and performance reviews became company-wide reading.

Worth noticing, too, is what MCI was not. This was not security monitoring, the familiar surveillance that flags a leaking laptop or a phished login. It was collection for its own sake, harvesting human behavior as raw material to build a product. The consent question that follows is sharper because of it: agreeing to be watched for safety is one bargain, and being recorded so your employer can train a model on your judgment is another.

Yet the pause changes less than it sounds like. MCI is suspended, not cancelled, and the misconfiguration that exposed the data is a separate question from the arrangement that produced the data in the first place. A company recorded its own staff in granular detail, on machines those staff were required to use, and the thing that stopped it was the recording escaping, not the recording itself.

Meta ran MCI through several layers of risk review and promised the data would be tightly controlled. Two months later, it leaked. So when the next employer assures its workforce that the behavioral data harvested from their laptops is safe, locked down, designed with safeguards, which word in that sentence has earned the benefit of the doubt?

Originally published as an Instagram carousel on @recul.ai.