Meta's Model Capability Initiative was supposed to make its AI smarter by tracking every keystroke, mouse movement, and screenshot from US employees.
Instead, it turned into an open filing cabinet.
On June 22, Meta paused MCI after an employee filed a SEV-2 incident report. The exposure included private conversations, performance reviews, tax data, medical information, and full transcription logs — accessible to anyone at the company.
The irony is structural, not cosmetic.
Meta built a surveillance tool to harvest how humans work, then failed to lock down the very data it collected. The tool was still recording as of Monday afternoon despite Meta claiming it had "privacy safeguards" in place.
Reuters already reported in May that MCI was storing data unencrypted and collecting more than originally described. Employees protested when it launched in April. Meta responded by offering a 30-minute pause button — as if constant surveillance with occasional breaks is acceptable.
The GDPR exposure is real. Logging keystrokes and screenshots of identifiable employees runs directly into Europe's data protection regime. Workplace consent is shaky when the power imbalance is this extreme.
This is the template for what goes wrong when enterprises deploy AI data collection without governance.
Every company building internal AI tools that harvest employee data — for training, for productivity metrics, for workflow optimization — needs to audit three things today:
1. Who can access the collected data?
2. Is it encrypted at rest?
3. Can you prove it's being used only for stated purposes?
Meta couldn't answer those questions. Most enterprises haven't even asked them.