Pulse

Trust / Jun 23, 2026 / 6 min

Meta Paused Keystroke Tracking After Sensitive Employee Data Leaked

On June 22, Meta paused its mandatory keystroke-tracking AI training program after sensitive employee data — private chats, performance reviews, screen transcriptions — became accessible to the entire company, vindicating 1,600 workers who warned the surveillance effort would become a security crisis.

Thesis Frontier labs are treating employees as training data before they've solved the security architecture to hold it — and Meta just proved the pipeline leaks from the inside.

Meta spent two months recording every keystroke, click, and screenshot from its U.S. workforce to train AI agents — then left the collected data open to the entire company. The June 22 pause wasn't a privacy epiphany. It was damage control after the exact breach 1,600 employees predicted.

Why this broke now: On June 22, Meta suspended its Model Capability Initiative (MCI) while investigating a permissions failure that made sensitive employee data visible companywide, Business Insider first reported. An employee filed a high-priority security incident — classified SEV 2 on Meta's internal scale, where 0 is most severe.

Meta spokesperson Tracy Clayton told Reuters: "We have carefully designed this program with privacy safeguards, and while we have no indication at this time that any data was improperly accessed by Meta employees, we're pausing it while we investigate."

What MCI collected: Launched in April 2026, MCI installed tracking software on U.S. employees' work laptops — mandatory for most staff, with no initial opt-out.

  • Keystrokes, mouse movements, and clicks across work apps and websites
  • Periodic screenshots of screen content
  • Targets included Gmail, Google Chat, VS Code, Meta's internal Metamate assistant, plus Google, LinkedIn, Wikipedia, Slack, and GitHub, per CNBC
  • Purpose: train AI agents to navigate computers the way humans do — dropdown menus, keyboard shortcuts, real workflows

Meta rebranded the broader effort as the Agent Transformation Accelerator. CTO Andrew Bosworth told staff the company would step up internal data collection to close the agent gap.

What leaked: This was not an external hack. A permissions misconfiguration left MCI data accessible to all Meta employees.

  • Exposed material included full prompts and transcriptions, private conversations, people and performance data, and DSS sensitivity ratings, per internal documentation reviewed by Reuters
  • Business Insider obtained screenshots showing the exposure scope
  • Reuters reported in May the program was collecting more information than initially described and storing it in unencrypted form

One employee wrote on an internal forum Monday: "I am incensed. I don't see any evidence of malicious access, but the fact that this data wasn't locked down as originally promised is super frustrating." Business Insider reviewed the post.

What workers warned: More than 1,600 Meta employees signed a petition at mcipetition.com demanding the program be scrapped — citing security risks, regulatory exposure, and the indignity of training their own replacements.

  • Flyers at U.S. offices in May asked: "Don't want to work at the Employee Data Extraction Factory?" Reuters/CNA
  • Organizers cited NLRA protections for concerted activity over working conditions
  • After weeks of backlash, Meta added a 30-minute tracking pause and limited exemptions — but never made the program voluntary

What Zuckerberg said: At an April 30 all-hands, leaked audio obtained by labor outlet More Perfect Union captured CEO Mark Zuckerberg explaining why employees make better training subjects than contractors: "The AI learns from watching really smart people do things. The average intelligence of the people who are at this company is significantly higher than the average set of people that you can get to do tasks."

On the record the same day, Zuckerberg denied surveillance uses: "None of the data is being used for looking at what people are doing or surveillance or performance tracking or anything like that." The leak exposed performance data anyway.

Meta spokesperson Andy Stone's April framing still stands as the company's public line: "If we're building agents to help people complete everyday tasks using computers, our models need real examples of how people actually use them — things like mouse movements, clicking buttons, and navigating dropdown menus." CNBC

The pattern: MCI is Meta's third AI security embarrassment in three months.

  • March: A rogue agentic AI triggered a severe internal security incident, per Engadget citing The Information
  • June: Hackers exploited Meta's AI customer-service chatbot to hijack Instagram accounts, per Engadget
  • May 20: Meta cut roughly 8,000 jobs — about 10% of its workforce — while asking the survivors to log every click for model training

Meta has not said when MCI resumes or whether it returns in its current form. Press learned of the pause before many employees did.

Convina's view: The frontier AI race has a data problem nobody wants to price honestly: the cheapest, richest behavioral training set is sitting inside your own company — and Meta just demonstrated you cannot secure it well enough to collect it at scale. Keystroke surveillance dressed as "agent training" is not a workforce strategy. It is a liability factory that leaks before the models ship. Any enterprise copying this playbook should assume the breach comes first and the apology comes second. The question is not whether your employees will tolerate being training data. It is whether your security architecture can hold what you're collecting — and Meta's answer, on June 22, was no.

Research Signals

https://www.businessinsider.com/meta-ai-training-data-leak-exposed-employee-activity-across-company-2026-6 https://www.engadget.com/2199458/meta-is-pausing-employee-tracking-program-after-it-let-the-whole-company-see-sensitive-data/ https://www.cnbc.com/2026/04/22/meta-tracks-employee-usage-on-google-linkedin-ai-training-project.html https://www.channelnewsasia.com/business/exclusive-meta-employees-launch-protest-against-mouse-tracking-tech-us-offices-6116841 https://www.thestar.com.my/tech/tech-news/2026/06/23/meta-to-pause-internal-mouse-tracking-tech-while-examining-data-security-issues