Meta used contractors disguised as teenagers to spy on rivals' chatbots
Meta tried to test the security limits of rival chatbots with the help of contractors
The artificial intelligence industry has just been involved in one of its most striking scandals. According to a WIRED investigation published on June 28, 2026, Meta reportedly hired hundreds of workers to pose as minors and test the security limits of rival chatbots, including OpenAI's ChatGPT, Google's Gemini, and Character.AI.
The operation, internally named “Project Cannes,” was managed through the contracting company Covalen and was active until at least April 21, 2026. What makes this case particularly shocking is not only what was done, but how it was done, who ordered it, and what it reveals about the true motivations behind so-called “AI security.”
The method that no one expected from a Silicon Valley company
The contractors had very specific instructions. First, they created fake accounts with birth dates that identified them as under 18 years old, using disposable Gmail and Outlook emails with a shared password. Then, they sent messages designed to provoke responses that the chatbots' security systems had to block.
The topics were not casual or minor. Hundreds of messages were related to suicide and self-harm. Many others addressed eating disorders. At least 239 prompts referenced sex or romance, while the rest touched on drugs, racial slurs and offensive language. To go further, some contractors also sent images of pills, knives, nooses, and gynecological medical diagrams.
A single round of testing completed in August 2025 involved more than 45,000 prompts sent to rival chatbots, according to internal documents reviewed by WIRED. A scale that makes it difficult to talk about something improvised or marginal.
Was it really a security test or something else?
This is where the matter gets very complicated. Meta publicly defended the operation, arguing that “benchmarking chatbot responses to ensure safe and age-appropriate experiences is standard industry practice,” a company spokesperson told WIRED.
An internal Covalen document described Project Cannes as a “comprehensive AI safety benchmarking” exercise that generated “critical data sets for model comparison and regulatory compliance.” Sounds reasonable on paper.
However, there is one detail that changes the whole picture. The companies whose chatbots were tested, OpenAI, Google and Character.AI, were unaware that this exercise was occurring. None were notified, none gave their consent. That puts the operation in very different territory than a collaborative or transparent security test.
What the documents do not reveal, according to WIRED, is how or if Meta came to use the collected results. The company also assured that it does not use competitor benchmarks to train its own AI models, although that clarification came after the story was published.
The context that Meta would prefer you not to remember
The scandal does not come at the best time for Meta. The company has been facing very serious criticism for months about the safety of its own AI systems with teenagers. An internal evaluation by red team revealed that Meta's own chatbot failed in 66.8% of cases when blocking child sexual exploitation content, and in 54.8% when it came to prompts about suicide and self-harm.
In January 2026, Meta suspended teen access to its AI companion characters amid growing legal pressure. And in parallel, the company is advancing its plan to replace more than 90% of its human content review force with language models, a transition that already left more than 1,100 workers in Nairobi unemployed when Meta canceled its contract with the Sama firm.
All of this makes the image, at the very least, contradictory. A company facing lawsuits over the harm of its platforms to minors, which has its own documented safety failures for teenagers, decided to invest resources in documenting the failures of its competitors, and did so covertly, with fake profiles of children, sending disturbing images.
The question that remains in the air is not whether this type of testing has any technical justification, because it may have. The real question is why a company the size of Meta feels it needs to do it secretly, without telling anyone, and using the very vulnerabilities it claims to want to protect. That can hardly be described as industry standard practice.

