Scale AI has locked down thousands of documents containing classified AI training protocols after contractors and experts sounded the alarm on major security oversights. Files tied to high‑profile projects from Meta, Google and xAI—some labelled “confidential” and even editable—were stored in public Google Docs accessible to anyone with the link. The fallout has been swift: core clients have halted work and paused agreements, raising urgent questions about governance at the AI data‑labelling firm.
Hundreds of Google Docs, totalling thousands of pages, detailed sensitive procedures. Google‑specific documents included internal guides on refining Bard using ChatGPT, while xAI files revealed in‑depth training for “Project Xylophone.” Meta’s datasets featured tagged audio clips for speech bot refinement. Personal contractor spreadsheets divulged names, email addresses, assessments and pay records—some labelled “cheating” or “high quality”—exposing internal metrics to unintended audiences.
A spokesperson for Scale AI confirmed that public sharing has been disabled and that access has been restricted on a case‑by‑case basis as part of an “internal investigation”. Contractors reported disruption, calling it a “knee‑jerk reaction” after the headlines emerged, with teams unable to access project materials mid‑workflow.
Cybersecurity professionals have warned that reliance on public Google Docs for managing classified information is indefensible. Stephanie Kurtz of Trace3 described the setup as sloppy, saying the company ought to have implemented stricter controls from the outset. While no external breach has been confirmed, experts caution that this approach left Scale AI and its clients vulnerable to phishing, spear‑phishing or malware-based incursions.
The timing of the lapse is critical. Meta officially sealed a roughly $14 billion deal for a 49 per cent stake in Scale AI on 10 June, appointing CEO Alexandr Wang to lead its super‑intelligence efforts. Within days, cornerstone partners began distancing themselves. Google, Scale’s single largest customer in 2024, has announced plans to sever ties, having had around $200 million worth of projects lined up this year. OpenAI, xAI and Microsoft have also paused collaborations, citing concerns about Meta’s access to proprietary data.
The setbacks have unsettled Scale AI’s contractor base—around 240,000 gig workers—some of whom report erratic project availability and unclear communication. One investor has liquidated holdings, claiming the Meta infusion cannot offset the revenue lost from departing clients.
The reputational damage extends beyond immediate client relations. Rival data‑labelling firms like Labelbox, Handshake and Mercor are already experiencing heightened demand, as former clients seek more secure alternatives.
Scaling security has long been a challenge in the fast‑paced world of AI data processing. In Scale AI’s case, internal documents obtained by Inc. reveal historical weaknesses: between March 2023 and April 2024, systems for Google‑affiliated annotation projects were riddled with issues such as spam submissions, weak contributor vetting and overuse of ChatGPT to meet project quotas. These revelations suggest that security and quality assurance may have been sidelined in favour of rapid scalability and client onboarding.
Scale AI maintains that it has robust safeguards and dispute this characterisation. Spokesperson Joe Osborne told Inc. that the company actively removed bad actors and had systems in place to protect customer data. Meanwhile, they assert continued commitment to current clients and insist long‑term business fundamentals remain intact.