- Program Pause: Meta has paused the Model Capability Initiative, or MCI, after a reported internal exposure of employee-tracking data.
- Activity Data: The program collected keystrokes, mouse movements, clicks, and screen content to train AI models.
- Company Caveat: Tracy Clayton, a Meta spokesperson, said Meta had no indication of improper employee access so far, but investigation remains open.
- Restart Condition: Any restart depends on database permissions that keep worker activity records restricted after collection.
Meta has paused its Model Capability Initiative, or MCI, while it investigates how employee-tracking AI program data became accessible across the company. MCI used worker computer activity to teach models how people operate software, putting Meta’s AI data pipeline and workplace privacy controls under the same review.
A June 22 internal security notice reportedly stated databases containing MCI information were exposed to anyone inside Meta. Affected material included sensitive workplace data, including employees’ private conversations, performance data, and transcriptions.
Meta classified the incident as SEV 2, a severity level one step below its top category. Tracy Clayton, a Meta spokesperson, said the company had designed MCI with privacy safeguards and had no indication at the time that Meta employees improperly accessed the data.
MCI stayed paused while Meta investigated whether anyone viewed or used the exposed material. Meta also has to test whether the program’s permission controls matched the sensitivity of the data it collected.
How MCI Turned Work Activity Into AI Training Data
MCI captured workplace computer-use examples for AI training, not just a narrow productivity metric. Meta’s program collected mouse movements and keystrokes, along with click data and on-screen material from employee computers.
Its design pushed the risk beyond ordinary staff analytics because the same signals can show how employees search, compare information, move between services, and complete tasks on live systems. Meta was already facing objections to a controversial employee monitoring program and broader workplace surveillance concerns.
Meta introduced MCI in April as part of its effort to train AI agents on how people use computers. Earlier concerns over employee activity capture for AI development now meet a more concrete question: whether the same activity logs can stay restricted after they are gathered at workplace scale.
For employees, the training and sensitive work records affect a critical issue. A tool built to help models learn computer workflows can still expose private work context if database permissions or retention rules fail.
Program participation added another layer because MCI was mandatory for the majority of Meta staff before the pause. Employees could not opt out when it launched, so ordinary computer use could feed Meta’s AI systems even when workers objected.
Mandatory participation meant employees had to trust that resulting activity logs would not become a broader personnel record. Internal exposure weakened that trust by making access controls, not only collection policy, the central test.
Worker Pushback Became an Access-Control Test
Worker objections predated the full pause. Earlier concerns included personal data on work devices, battery life, home internet use, and control over when collection occurred.
Before the shutdown, workers could pause collection for up to 30 minutes at a time or request exemptions. Limited controls gave employees timing relief, but they did not answer who could see already gathered activity records after collection.
Worker objections had already moved from inconvenience into privacy and control concerns. An unnamed Meta employee called the tracking plan “very dystopian,” and a former Meta employee framed the project as “just the latest way they’re shoving AI down everyone’s throat”.
The unnamed Meta employee reacting in an internal group captured both the caveat and the frustration over promised controls:
“I don’t see any evidence of malicious access, but the fact that this data wasn’t locked down as originally promised is super frustrating,”
Meta employee, unnamed employee in internal group (via Business Insider)
So far, these employee reactions do not prove misuse. But they show why an access-control lapse landed inside an existing trust dispute over compulsory activity collection and promised safeguards.
Meta’s investigation now has two concrete questions: whether any employee improperly viewed or used the exposed data, and whether MCI’s controls matched the sensitivity of the information it collected. Workplace activity reused for AI training raises employee privacy questions because data gathered in one employment setting can serve a different technical purpose later.
Activity-monitoring tools can sweep in confidential communications, commercial material, customer information, credentials, or personal data unrelated to a worker’s role. Exposed MCI categories make retention and permission rules material because copied or indexed datasets can outlive the moment when an employee created them.
Companies using employee tracking data for AI training also face access-control and retention questions, along with transparency, proportionality, and jurisdiction-specific privacy obligations. A collection rule is not enough if stored data can later be searched, copied, or viewed by people outside the intended audience.
What Meta Must Prove Before Restarting MCI
Meta now has to identify the access-control change that would prevent further exposure of the same employee datasets before MCI collects workplace activity again. Any restart approval must name the database permission rule that blocks broad internal access to worker activity records after collection.
The companz needs to show that employee activity records can remain restricted after capture for model training. Until that control is clear, the pause is a test of whether workplace AI training data can be collected without becoming broadly visible inside the company.
