Jun 26, 2026 · 6 min read
Meta Tracked Employee Keystrokes for AI — Then Leaked the Data
Meta's Model Capability Initiative deployed keystroke and screen monitoring to US employee laptops without an opt-out, then exposed the captured data — AI prompts, transcriptions, and private conversations — across thousands of internal tables.
Meta spent months recording its own employees' every keystroke — then couldn't keep the data secure inside its own walls. The company that built a $1.4 trillion business tracking billions of people across the internet quietly deployed surveillance software to US workers' laptops, captured what they typed, where they clicked, and what was on their screens, and fed it all into an AI training program. When a security review finally checked who could see that data, the answer was: essentially anyone at Meta who went looking.
Key Takeaways
- Meta's Model Capability Initiative (MCI), launched in April 2026, captured keystrokes, mouse movements, click locations, and screen content from US employees' work laptops to train internal AI models.
- Meta's CTO Andrew Bosworth confirmed the software was pushed to company devices with no opt out option for employees.
- A security review found the captured data — including AI prompts, transcriptions, private conversations, and performance records — was exposed across thousands of internal data tables accessible far beyond the intended audience.
- More than 1,600 Meta employees signed an internal petition demanding the program be cancelled entirely.
- Meta has paused, not cancelled, the MCI program; the company stated there is "currently no evidence" of improper internal access.
What Was Meta Actually Collecting?
The Model Capability Initiative was framed internally as a way to collect "real examples of how people actually use computers." The goal: train AI agents to behave more like actual humans doing actual work. MCI captured keystrokes, mouse movements, click locations, and screen content. It monitored activity inside Gmail, Google Chat, Metamate (Meta's own internal productivity tool), and VS Code.
That is not behavioral metadata. It is content. Keystroke logs routinely capture passwords, confidential client names, unreleased product plans, and personal communications. Screen captures go further: they are essentially a photographic record of everything a user sees. The data was described internally as "often contains secrets."
Why Were Employees Never Asked?
CTO Andrew Bosworth confirmed in an internal communication that the keystroke and screen monitoring software was pushed to US workers' laptops with no opt out option on company devices. Employees did not get to say no. They did not get to ask what would be collected, how long it would be retained, or who would have access.
Multiple employees used the word "dystopian" in internal messages. Workers flagged specific risks that the captured data could expose passwords, immigration status details, health information, and family communications. An engineer's internal post protesting "laptop surveillance" went viral inside Meta. Over 1,600 employees signed a petition calling for the program to be killed outright. Bosworth separately acknowledged that company morale was near "the worst it's ever been."
How Did the Data Leak — Internally?
The security review did not find an external breach. The failure was more revealing than that. The captured data — keystroke logs, screen content, AI prompts, full transcriptions, private conversations between employees, and performance related records — ended up stored across thousands of internal data tables. Those tables were accessible to far more Meta employees than anyone apparently intended.
An internal notice reportedly described the exposure as involving tables containing "full prompts and transcriptions, private conversations, people and performance data." Meta's statement that "there is currently no evidence that employees improperly accessed the exposed data" rests entirely on the assumption that thousands of people who had access to those tables did not look. That is a bet, not a guarantee.
This is the classic insider risk failure: collection outpaced access control. Data that was sensitive enough to require a security review to even discover was sitting in tables with permissive read access across a company of tens of thousands of people.
The Irony Is the Point
Meta's core business is surveillance. The company tracks users' behavior across millions of websites and apps through its advertising network. It built a $1.4 trillion company by arguing that this kind of data collection produces value and that users have implicitly agreed to it.
The MCI program applied that same logic to employees. They use Meta devices. They signed employment agreements. Therefore, their keystrokes belong to Meta's training pipeline. The difference is that employees, unlike Facebook users, cannot log off.
This is not an isolated case. The bossware market — employee monitoring software sold to employers — is projected to grow from $587 million in 2024 to $1.4 billion by 2031. A 2025 survey of 1,500 employers found that 74% already use online tracking tools. Meta's MCI is not unusual in ambition. What's unusual is that Meta is one of the world's largest surveillance companies getting a taste of its own product — and still couldn't secure the data it collected on its own people.
What This Means for Your Privacy
If you work anywhere that issues company devices, the MCI story is a direct preview of your risk exposure. Employers do not need to be Meta to deploy monitoring software. The tools are cheap, widely available, and legal in most US states with minimal disclosure requirements. A 2025 survey found 42% of monitored employees plan to leave their job within a year, compared to 23% of unmonitored peers.
The more urgent takeaway is about what happens after collection. Meta had the data. Meta lost control of the data. Not to hackers. To its own internal access permissioning failure. Any company that deploys keystroke logging or screen capture software faces the same structural problem: the data is content rich, aggregated in one place, and enormously valuable to anyone who can access it — including disgruntled insiders, future litigants, regulators, and threat actors who later compromise internal systems.
For compliance officers, the MCI incident is a preview of how regulators will frame similar programs. The GDPR's data minimization and purpose limitation principles apply to employee data. The EU AI Act, which comes into full effect in August 2026, includes specific provisions on AI systems that interact with employees. Collecting keystroke and screen data to train AI without documented necessity and a clear legal basis is exactly the kind of program that will draw enforcement attention. The GDPR enforcement record now stands at €7.1 billion in cumulative fines, and data protection authorities in the EU have already begun scrutinizing workplace monitoring software.
"Paused" Is Not "Stopped"
Meta has not cancelled the Model Capability Initiative. The program is paused. That word is doing heavy lifting. It means the infrastructure exists, the collected data exists, and the business rationale — training AI on real human computer use — has not gone away. Zuckerberg has made catching up with OpenAI and Google a company priority. MCI was a direct instrument of that strategy. A pause under pressure, without a public commitment to delete the collected data or abandon the approach, is a delay, not a reversal.
Employees who signed the petition know this. The 1,600+ signatures were not a request to pause. They were a request to end the program. What Meta ultimately does with MCI will be a more honest signal of how the company weighs employee privacy against AI development than any internal memo. Watch whether the data gets deleted. Watch whether opt out becomes an option. Watch whether the program quietly restarts after the press attention fades. Corporate surveillance does not end because it caused a public relations problem. It adapts.