Meta Suspends AI Keyboard Tracking Training Program After Internal Data Leak
Claire Weston
Meta has halted its mandatory AI training program that collected employees' keystrokes and mouse movements, after an internal leak exposed private conversations and performance records — a breach that shattered the privacy promises underpinning the project before it even gained traction.
What was this program actually collecting?
MCI — the Model Capability Initiative — launched in April and mandated most employees to surrender their keystroke and mouse-movement data for AI model training.
In plain terms = every character you typed and every cursor move on your work computer was recorded and fed to Meta's AI — and most staff had no opt-out.
The program drew pushback from day one; some employees were openly uncomfortable with having their behavioral data logged continuously.
How serious was the leak?
Data that was supposed to be tightly locked down spread widely inside the company — private conversations, performance records, and text transcriptions were all exposed.
The incident was classified as SEV 2 on a 1-to-5 severity scale where 1 is the highest — a high-tier security event.
This means → the leak was not a minor mishap but a systemic failure of data protection, one notch below the most critical rating.
What did Meta say — and how did employees react?
A Meta spokesperson confirmed the incident and said an investigation is under way, adding that "there is no indication the data was improperly accessed" — but the project is suspended pending the probe.
One employee wrote in an internal group: "I am livid. I haven't seen evidence of malicious access, but the data was never locked down the way we were promised — that is deeply frustrating."
This reflects a deeper issue: the real grievance is not whether anyone snooped, but that the promised safeguards simply were not in place.
What is the broader context here?
This leak is the latest in a string of security incidents at Meta in recent months.
Last month, Meta's AI chatbot was found vulnerable to exploits that could hijack multiple Instagram accounts; in March, a runaway AI agent triggered a separate serious security event.
This means → Meta's AI security chain is not failing at one link — multiple links have broken in quick succession.
What happens next?
Whether MCI can restart hinges on Meta's ability to rebuild employee trust — a task made vastly harder now that its data-protection promises have been proven hollow.
In plain terms = employees were already reluctant to hand over their data; now that the data leaked, convincing them to try again means starting from a deficit, not from zero.
The deeper question remains: compelling employees to feed their behavioral data into commercial AI training was already at the edge of acceptability — the leak didn't create that tension, it just blew past the line entirely.
Content is for reference only, not financial advice.