Meta Pauses Employee Tracking Program After Security Breach

Meta paused its Model Compatibility Initiative (MCI) employee tracking program after an internal security leak exposed sensitive worker data to other staff, according to Wired. The tool, which collected keystrokes and screen content to train AI, is currently under investigation after a Meta engineer warned that the databases were accessible to anyone inside the company.

Why is Meta tracking employee keystrokes and mouse movements?

Meta developed the MCI tool to gather “computer inputs such as mouse movements, click locations and keystrokes, as well as screen content,” according to employees cited by Wired. The goal isn’t traditional productivity monitoring; it’s AI training.

Company executives defended the project by stating the data was necessary to teach AI systems how to operate computer software the way humans do. Meta argued that its own employees provided the best examples for the artificial intelligence to learn from. This represents a shift where employees aren’t just users of AI, but the raw training data for it.

Did you know? While many companies use “bossware” to track active hours, Meta’s MCI specifically targeted how tasks are performed to build a behavioral model for AI agents.

What happens when AI training data leaks in the workplace?

The Meta incident highlights a critical vulnerability: the “honeypot” effect. When a company collects granular data—like every keystroke and screen capture—it creates a high-value target for hackers or internal misuse. In this case, a Meta engineer issued a notice stating these databases were exposed to the entire internal workforce.

A former employee told Wired the lapse was “a mess” and an expected outcome. They claimed leadership ignored risks regarding the safety and privacy of both worker and customer data. This suggests a growing trend where the rush to train Large Action Models (LAMs) may outpace the implementation of basic security protocols.

The risk to customer data

If a tool records “screen content,” it doesn’t just capture the employee’s work; it captures whatever is on the screen. This could include customer PII (Personally Identifiable Information), passwords, or proprietary trade secrets. When that data is stored in a centralized database for AI training, a single permission error can compromise thousands of external clients.

How will employee privacy laws evolve to stop “AI harvesting”?

The backlash at Meta shows that employees are increasingly resistant to non-consensual data harvesting. Initially, Meta employees couldn’t opt out of MCI, though they gained limited ability to do so after protesting. This tension points toward a future of “Data Labor” disputes.

Meta's Leaked Plan to Surveil Employees and Use That Data to Train AI

We’re likely to see a push for clearer distinctions between “work product” and “behavioral data.” While a company owns the document an employee writes, there is a legal gray area regarding whether they own the physical movement of the mouse used to write it. This mirrors broader debates over AI training sets and copyright law.

Pro Tip: For employees in high-surveillance environments, using a separate, non-company device for personal logins and sensitive communications is the only way to ensure data isn’t swept up in “screen content” harvesting.

Will other tech giants adopt similar “behavioral training” tools?

The race to create “AI agents” that can actually execute tasks (rather than just chat) makes the Meta approach attractive. To make an AI that can book a flight or manage a CRM, the AI needs to see exactly where a human clicks and how they handle errors.

However, the Meta fallout serves as a warning. According to company spokesperson Tracy Clayton, Meta is pausing the program to investigate. Other firms may now pivot toward “synthetic data” or highly controlled, consented “gold sets” of data rather than sweeping, company-wide surveillance to avoid the PR and security nightmare Meta currently faces.

Comparing AI Training Methods

Broad Surveillance (MCI style): High volume of data, high risk of security leaks, high employee resentment.
Consented Sourcing: Lower volume, higher data quality, lower legal risk.
Synthetic Data: No privacy risk, but may lack the “human” nuance needed for complex software operation.

Frequently Asked Questions

What is the Model Compatibility Initiative (MCI)?

MCI is a Meta tool designed to collect employee mouse movements, keystrokes, and screen content to train AI to use software like a human.

Why did Meta pause the program?

The program was paused after an internal security notice revealed that the databases containing this sensitive employee data were exposed to other Meta employees.

Can employees opt out of AI tracking?

At Meta, employees initially could not opt out, but limited options were introduced following internal protests. Privacy laws vary by region, but behavioral tracking remains a legal gray area.

What do you think? Should companies be allowed to record your every click to train the AI that might eventually replace your role? Let us know in the comments or subscribe to our newsletter for more updates on the intersection of AI and labor rights.