Meta's $8,000 Employee Keystroke Collection for AI Training Exposed to All Staff in Permissions Error

[Joanne_24]

Meta paused its Model Capability Initiative, an internal programme recording employee keystrokes, mouse clicks and screen activity to train AI models, after a permissions error made all the collected sensitive data readable by everyone at the company. The initiative had been recording detailed moment-by-moment activity from participating employees who had presumably consented to data collection, but the exposure to non-participants through a misconfiguration represents a significant data governance failure at one of the world's largest technology companies.

The incident illustrates several converging problems with enterprise AI training data collection. First, the collection of granular behavioural data from employees for AI training purposes raises consent and privacy questions that most organisations have not resolved clearly. Second, the data once collected exists as a security liability: it contains detailed records of employee work patterns, the tools they use, the content they interact with and potentially sensitive business information. A permissions error turning that into a company-wide readable dataset is a security incident with real potential for harm.

Meta had simultaneously been rolling out significant AI-focused restructuring, laying off approximately 8,000 employees and reassigning 7,000 to AI-focused teams, citing AI efficiencies that allow leaner teams to match prior output. The combination of the layoffs attributing workforce reduction to AI, the keystroke collection programme training AI on employee behaviour, and then the data exposure affecting the same employees creates an uncomfortable narrative. Meta's AI ambitions are not in question. The governance frameworks keeping those ambitions from creating internal and legal liability clearly still need work.

Week in Product #494 ?www.weekinproduct.com