Meta’s employee tracking program, the Model Capability Initiative (MCI), is on pause after collected data was left potentially accessible to anyone inside the company, the BBC confirmed with a Meta spokesman. The program had been running for only two months before a data-security lapse triggered what Business Insider reports was classified internally as a SEV 2 incident, on a severity scale running from 0 (most severe) to 5.
‘We have no indication at this time that any data was improperly accessed by Meta employees,’ a Meta spokesman told the BBC.
The pause is awkward for Meta. The MCI was designed to capture mouse clicks and keystrokes from employees’ computers to generate training data for artificial intelligence models. It was, in other words, the company spying on its own workforce to build the product it is betting its future on.
What the Meta employee tracking program was actually recording
The scope of MCI went well beyond internal Meta tools. According to internal documents cited by CNBC, the program planned to capture employee activity across hundreds of websites and apps, including Google, LinkedIn, and Wikipedia. Meta’s own properties such as Threads were on the list. So, initially, were AI products from rivals: OpenAI’s ChatGPT and Anthropic’s Claude both appeared on the target list, though the list was described as still in flux.
Reuters first reported the existence of MCI on 21 April 2026. The reaction inside Meta was immediate and hostile. A petition signed by nearly 2,000 Meta workers demanded the programme be cancelled outright.
In response, Meta offered employees the ability to pause their own tracking for up to 30 minutes at a time. ‘That was just an attempt at damage control,’ one current employee told the BBC, speaking anonymously.
After Monday’s data-leak disclosure, an employee wrote in an internal group: ‘I am incensed,’ according to screenshots obtained by Business Insider. The Meta employee tracking program had already eroded goodwill; finding out the data was poorly secured finished the job.
The consent problem, and a broader morale crisis
There is a reasonable argument for AI companies capturing real usage data, and some Meta employees accept it. The trouble, as one current employee put it to the BBC, is that tracking ‘was forced on us, there was no consent.’ That is not a marginal complaint. Forced surveillance of professional activity, without consent and without adequate data controls, is exactly the kind of management decision that corrodes trust in ways that take years to repair.
‘I’ve never seen morale here so bad,’ the same employee said.
The MCI fiasco sits inside a wider picture of internal strain. Meta plans to lay off 10% of its workforce and close 6,000 open positions to offset the cost of its AI build-out, Business Insider reports. Meanwhile, total expenses in Q1 2026 ballooned 35% to $33.4 billion, driven by infrastructure costs and employee compensation, according to chief financial officer Susan Li, as reported by Fortune. The company is spending up to $145bn (£109bn) on AI this year alone.
Teams have been reorganised around AI initiatives. Employees have openly insulted management in internal meetings, according to a report in Wired. One person who recently left Meta after several years told the BBC the AI push feels like ‘chasing your tail’. ‘The direction this company is going in is depressing,’ the former employee said. ‘Exhausting and depressing.’
My read is that the MCI programme, even stripped of the data-security failure, was always likely to generate exactly this response. Asking knowledge workers to have every keystroke logged in order to train the AI that may eventually replace them is a hard sell. Doing it without their consent, and then leaving the data exposed, is not a management error. It is a signal about how Meta’s leadership weighs the interests of the people building its products against the AI timeline it has committed to publicly.
Meta’s investigation into the data-access lapse is ongoing. The company’s next move, whether it restores MCI with stronger safeguards or finds a different route to the training data it wants, will say a great deal about which lesson it actually took from this.
