The Model Capability Initiative was built to record how Meta employees actually use computers, so the company's AI could learn from real worker activity. The pause shows what happens when a CTO level privacy promise rests on access controls that do not hold at workforce scale.
Meta's CTO told employees that the keystroke and screen-recording data harvested from their laptops to train the company's AI would be "tightly controlled." Within months, that data sat exposed across roughly 45,000 internal tables, accessible to other Meta employees company-wide.
The program in question is the Model Capability Initiative (MCI), an internal Meta effort announced in April to record how Meta's own employees use computers so the company's AI models can learn "how people actually complete everyday tasks using computers." The data MCI was set up to harvest is what made the leak consequential. According to an internal security notice sent Monday and reported by Wired and Business Insider, the exposed set included full AI prompts and their transcriptions, performance review data, private conversations, and the underlying keystrokes, mouseclicks, and on-screen content captured from US-based employee laptops. Three current Meta employees, speaking anonymously, corroborated the exposure to Wired.
This is not a story about a single bad access rule. It is a story about what happens when a privacy commitment depends on internal access controls, and the data being protected is the work of the entire workforce. MCI's design required harvesting the most sensitive parts of every employee's day: the things they typed, the screens they looked at, the prompts they sent to internal AI tools, and the performance data tied to their jobs. The only thing standing between that data and any individual employee was the isolation architecture of the internal system storing it. When that architecture failed, the blast radius was the whole company.
Meta CTO Andrew Bosworth acknowledged the gap in an internal post Monday, telling staff the implementation "fell short of the standards outlined in [the program's] privacy review," according to Wired. That admission is the structural tell. A privacy review is the document a company writes to convince itself, its executives, and its employees that a program collecting this much data is safe to run. The fact that the implementation "fell short" of that review means the document described one system, and a different system was actually built. The promise and the product diverged at exactly the layer that mattered most.
Meta has paused MCI while it investigates. A Meta spokesperson told outlets the company has "no indication at this time that any data was improperly accessed by Meta employees," as Business Insider reported. That statement is a company position, not a finding. With roughly 45,000 internal tables reportedly affected, the practical limits of forensic certainty inside a workforce that large are themselves part of the story. "No indication" is not the same as "no access happened," and it is not the same as "the system was designed to detect improper access if it occurred."
The on-the-ground reaction is the rest of the story. The current employees who spoke to Wired described the incident in terms that go beyond a routine IT problem. One compared it to a "0 days since our last nonsense" milestone, the kind of internal joke that only circulates inside a workforce that has stopped expecting better. Another said they were "incensed." These are the reactions of people who accepted keystroke and screen recording collection on the explicit promise that the data would stay walled off, and watched that wall fail.
MCI is paused, not cancelled, and the incident is still being investigated. Two things will determine whether the structural critique survives. First, what scope Meta confirms: US-only or global, employees only or also contractors, and whether an opt-out mechanism existed or is being introduced. Second, whether the restart, if there is one, comes with a new isolation architecture, or with the same architecture wrapped in a stronger privacy review. The first treats the problem as a control surface that did not scale. The second treats it as a paperwork problem. The leaked data already answers which one Meta's review was actually built to solve.