BlockTempo reported on June 23 that Meta launched its “Model Capability Initiative (MCI)” on employees’ computer systems in the United States, deploying program-side recording of mouse movements, click actions, and keyboard input to train AI models, but it included full prompt text and transcripts, private conversations, and personnel and performance data leaks. Meta announced it would pause the MCI program to conduct an investigation.
Meta launched MCI in April to record mouse movements and keyboard input on U.S. employees’ computers
According to the report, the design logic behind the MCI program is: Meta engineers, product managers, and designers’ daily work behaviors on their computers represent high-quality human behavioral data, including how they think, search, solve problems, and communicate with colleagues. Such data has considerable training value for building AI assistants that can genuinely help with work.
However, a Reuters report in May 2026 said that the information collected by MCI went beyond what employees were initially informed, and that some of the data was stored in unencrypted form—these two points constitute the first layer of information security concerns.
SEV report reveals leaked contents: full prompt text, private conversations, personnel performance data, and DSS level scores
According to disclosures in the SEV report, the leaked data was not ordinary activity logs, but included the following content:
· Full prompt text and transcripts
· Private conversations
· Personnel and performance data
· Meta internal DSS data sensitivity level scores (Levels 1 to 4)
The report said that this sensitive data was not protected by any access restrictions within Meta, and that all employees could access it. This is not just a problem of the “data collection scope being too broad,” but an incident in which data governance had flaws from design through execution.
Meta official statement: pausing the investigation, no signs of employees improperly accessing data so far
After the incident was exposed, Meta issued a statement saying it had carefully designed the MCI program and added privacy protection measures, emphasizing that “there are currently no signs that any employee improperly obtained the data,” but it announced it would pause the program to conduct an investigation. As of the time of the report, the investigation results and whether the program would resume operations had not been announced.
FAQ
Why is the data leak from Meta’s MCI program more serious than general employee monitoring?
According to the report, there are two layers to the MCI problem: first, the program itself went beyond the originally disclosed collection scope (Reuters May report), and some data was stored in an unencrypted form; second, the leaked data was not ordinary activity records, but included full prompt text and transcripts, private conversations, personnel performance ratings, and Meta’s internal data sensitivity level scores, and there were no access restrictions within the company at all—every employee could access it.
What are the DSS data sensitivity level scores?
According to the report, DSS is Meta’s internal data sensitivity classification system, with scores ranging from 1 to 4 used to indicate the sensitivity level of data. The SEV report said that data involving such internal sensitivity level scores was leaked along with other private information, and that there were no access control mechanisms within the company, making it a serious data governance flaw.
Can Meta employees truly “refuse” to participate in the MCI program?
According to the report, the employment relationship between employees and the company makes the “refuse” option practically difficult, meaning employees may face de facto compelled consent. The report said that when the collection involves not only work efficiency data but also private conversations and performance ratings, this ethical boundary becomes even harder to uphold. Meta’s official statement did not provide specific details on employees’ opt-out mechanisms.
