Scale AI has a data security problem

Scale AI cofounder Alexandr Wang, who is joining Meta following a $14.3 billion investment.Scale AIScale AI routinely uses public Google Docs for work with Google, Meta, and xAI.BI reviewed thousands of files—some marked confidential, others exposing contractor data.Scale AI says it's conducting a "thorough investigation."As Scale AI seeks to reassure customers that their data is secure following Meta's $14.3 billion investment, leaked files and the startup's own contractors indicate it has some serious security holes.Scale AI routinely uses public Google Docs to track work for high-profile customers like Google, Meta, and xAI, leaving multiple AI training documents labeled "confidential" accessible to anyone with the link, Business Insider found.Contractors told BI the company relies on public Google Docs to share internal files, a method that's efficient for its vast army of at least 240,000 contractors and presents clear cybersecurity and confidentiality risks.Scale AI also left public Google Docs with sensitive details about thousands of its contractors, including their private email addresses and whether they were suspected of "cheating." Some of those documents can be viewed and also edited by anyone with the right URL.There's no indication that Scale AI has suffered a breach because of this. Two cybersecurity experts told BI that such practices could leave the company and its clients vulnerable to various kinds of hacks, such as hackers impersonating contractors or uploading malware into accessible files.Scale AI told Business Insider it takes data security seriously and is looking into the matter."We are conducting a thorough investigation and have disabled any user's ability to publicly share documents from Scale-managed systems," a Scale AI spokesperson said. "We remain committed to robust technical and policy safeguards to protect confidential information and are always working to strengthen our practices."Meta declined to comment. Google and xAI didn't respond to requests for comment.In the wake of Meta's blockbuster investment, clients like Google, OpenAI, and xAI paused work with Scale. In a blog post last week, Scale reassured Big Tech clients that it remains a neutral and independent partner with strict security standards.The company said that "ensuring customer trust has been and will always be a top priority," and that it has "robust technical and policy safeguards to protect customers' confidential information."BI's findings raise questions about whether it did enough to ensure security and whether Meta was aware of the issue before writing the check.Confidential AI projects were accessibleBI was able to view thousands of pages of project documents across 85 individual Google Docs tied to Scale AI's work with Big Tech clients. The documents include sensitive details, such as how Google used ChatGPT to improve its own struggling chatbot, then called Bard.Scale also left public at least seven instruction manuals marked "confidential" by Google, which were accessible to anyone with the link. Those documents spell out what Google thought was wrong with Bard — that it had difficulties answering complex questions — and how Scale contractors should fix it.For Elon Musk's xAI, for which Scale ran at least 10 generative AI projects as of April, public Google documents and spreadsheets show details of "Project Xylophone," BI reported earlier this month. Training documents and a list of 700 conversation prompts revealed how the project focused on improving the AI's conversation skills about a wide array of topics, from zombie apocalypses to plumbing.Meta training documents, marked confidential at the top, were also left public to anyone with the link. These included links to accessible audio files with examples of "good" and "bad" speech prompts, suggesting the standards Meta set for expressiveness in its AI products.Some of those projects focused on training Meta's chatbots to be more conversational and emotionally engaging while ensuring they handled sensitive topics safely, BI previously reported. As of April, Meta had at least 21 generative AI projects with Scale.Several Scale AI contractors interviewed by BI said it was easy to figure out which client they worked for, even though they were codenamed, often just from the nature of the task or the way the instructions were phrased. Sometimes it was even easier: One presentation seen by BI had Google's logo.Even when projects were meant to be anonymized, contractors across different projects described instantly recognizing clients or products. In some cases, simply prompting the model or asking it directly which chatbot it was would reveal the underlying client, contractors said.Scale AI left contractor information publicOther Google Docs exposed sensitive personal information about Scale's contractors. BI reviewed spreadsheets that were not locked down and that listed the names and private Gmail addresses of thousands of workers. Several contacted by BI said they were surprised to learn their details were accessible to anyone with the URL of the document.Many documents include details about their work performance.One spreadsheet titled "Good and Bad Folks" categorizes dozens of workers as either "high quality" or suspected of "cheating." Another list of hundreds of personal email addresses is titled "move all cheating taskers," which also flagged workers for "suspicious behavior."Another sheet names nearly 1,000 contractors who were "mistakenly banned" from Scale AI's platforms.Other documents show how much individual contractors were paid, along with detailed notes on pay disputes and discrepancies.The system seemed 'incredibly janky'Five current and former Scale AI contractors who worked on separate projects told BI that the use of public Google Docs was widespread across the company.Contractors said that using them streamlined operations for Scale, which relies mostly on freelance contributors. Managing individual access permissions for each contractor would have slowed down the process.Scale AI's internal platform requires workers to verify themselves, sometimes using their camera, contractors told BI.At the same time, many documents containing information on training AI models can be accessed through public links or links in other documents without verification."The whole Google Docs system always seemed incredibly janky," one worker said.Two other workers said they retained access to old projects they no longer worked on, which were sometimes updated with requests from the client company regarding how the models should be trained.'Of course it's dangerous'Organizing internal work through public Google Docs can create serious cybersecurity risks, Joseph Steinberg, a Columbia University cybersecurity lecturer, told BI."Of course it's dangerous. In the best-case scenario, it's just enabling social engineering," he said.Social engineering refers to attacks where hackers trick employees or contractors into giving up access, often by impersonating someone within the company.Leaving details about thousands of contractors easily accessible creates many opportunities for that kind of breach, Steinberg said.At the same time, investing more in security can slow down growth-oriented startups."The companies that actually spend time doing security right very often lose out because other companies move faster to market," Steinberg said.The fact that some of the Google Docs were editable by anyone creates risks, such as bad actors inserting malicious links into the documents for others to click, Stephanie Kurtz, a regional director at cyber firm Trace3, told BI.Kurtz added that companies should start with managing access via invites."Putting it out there and hoping somebody doesn't share a link, that's not a great strategy there," she said.Read the original article on Business Insider

Comments

Business News

Wisconsin Supreme Court delivers win for environmentalists in fight over 'forever chemicals'

washington times

Strikes on Iran showed the need for stealthy submarines that can launch a whole lot of missiles. The US Navy is about to lose that.

about 2 hours ago

Jeff Bezos and Lauren Sánchez's wedding guest list: A-listers arrive in Italy to celebrate

insider

Have YOU been priced out of your childhood hometown? We reveal the areas with the biggest jump in house prices in the last 20 years... and the spots that are bucking the trend

about 3 hours ago

Should I rush out to fill up my car with petrol now as Israel-Iran tensions continue?

Dailymail

insider

Iran's military strength is a fraction of Israel's. Tehran still has 3 key cards it can play if the ceasefire falls apart.

about 3 hours ago

How data centers are deepening the water crisis

insider

Comments

Similar News

Tesla’s Robotaxi Launch Draws Wall Street Praise—But Scaling Doubts Linger

Alexandr Wang said he refused to let go of 2 tasks &mdash; no matter how big Scale AI got

Meta's Scale AI deal has clients like Google halting projects, contractors scrambling, and one investor bailing out

Scale smarter: 5 days left to save up to $210 on your TechCrunch All Stage pass

English investors acquire Scottish wind farm of ‘impressive scale and capacity’

Why Assad’s Fall Made Israel’s Large-Scale Air War With Iran Possible

Scale AI founder Alexandr Wang says he's waiting for Elon Musk's Neuralink before he has kids

I invested $30,000 to scale my European-based tote bag business in the US &mdash; then tariffs hit

Scale AI CEO Alexandr Wang Leaves to Join Meta Following $14.3B Deal

Scale AI documents show Google extensively using ChatGPT to improve its AI chatbot: 'Make it BETTER than GPT'

Meta invests $14.3B in AI firm Scale and recruits its CEO for 'superintelligence' team

5 things to know about Alexandr Wang, the buzzy Scale AI founder

Meta Invests Nearly $15 Billion in Scale AI to Kick-Start Superintelligence Lab

Meta Eyes Scale AI, a Quiet Data Powerhouse, in $10B A.I. Push

Meta in talks over Scale AI stake that could top $10B, Bloomberg reports

Trump indicates openness to scaling back SALT relief in GOP tax bill

Rosebud lands $6M to scale its interactive AI journaling app

Trump Threatens ‘Large Scale Fines’ After Transgender Girl Competes In California Track Competition

Thames crisis underlines scale of water industry turnaround task

Marriott targets budget travelers with new mid-scale extended-stay option

Business News

Wisconsin Supreme Court delivers win for environmentalists in fight over 'forever chemicals'

Powell says Fed 'can't ignore' inflation potential under shifting tariffs

OpenAI-Backed Legal A.I. Startup Harvey Reaches $5B Valuation

CEO reveals secret to his success — his journey from janitor to head of behemoth Northwell Health

Ship transporting thousands of cars sinks in Pacific after fire, raising concerns about EV batteries

UK regulators may force Google to open search engine to more competition as AI threat grows

The evidence that Russia sanctions evasion has intensified

Oilsands output projected to hit new record this year: S&P Global

I've found the perfect FatFace linen trousers– they're so comfy and easy to style

Strikes on Iran showed the need for stealthy submarines that can launch a whole lot of missiles. The US Navy is about to lose that.

Jeff Bezos and Lauren Sánchez's wedding guest list: A-listers arrive in Italy to celebrate

The biggest box-office flop every year since the '70s

Arizona’s Best Batter Joins Club’s Top Pitcher On MLB Injury List

Essential AI Strategy: Invest Employee Time Before Expecting ROI

Fox News Dominates Cable And Broadcast News Ratings Covering U.S. Strike On Iran

Nike’s Breaking4: Faith Kipyegon And The Global Branding Moonshot

Americans Largely Disapprove Of U.S. Strikes Against Iran, Polls Suggest

Some Good News For ‘Ransom Canyon’ Fans As Netflix Drops Season 2 Announcement

NIL Meets AI To Shape The Future Of College Sports

Iran Won’t Negotiate With U.S. Until ‘Aggression’ Ends—As Ceasefire Wavers (Live Updates)

How Gotham FC Is Building A New Playbook For Women’s Soccer

Bobby Sherman Dies: The Pop Singer, Actor And Former Teen Idol Was 81

The One Big Beautiful Bill To MAHA: Drop Dead

2 Florida men accused of stealing $100M from trust for people with special needs

British Gas, EON, OVO, Octopus and EDF customers get £129 boost from Tuesday

Martin Lewis issues ‘bad news’ for UK household bills due to ‘Middle East’

Scotland's state-funded bank lifts backing in Glasgow tech firm to £10m

Resident doctors ‘energised’ over prospect of more strikes, medics say

AI-powered hiring tools favor black and female job candidates over white and male applicants: study

Starmer defiant over welfare cuts as London mayor hits out at proposals

Have YOU been priced out of your childhood hometown? We reveal the areas with the biggest jump in house prices in the last 20 years... and the spots that are bucking the trend

Should I rush out to fill up my car with petrol now as Israel-Iran tensions continue?

Weight loss jabs could be starting to affect shopping habits in UK supermarkets

FTSE 100 underperforms despite Iran-Israel hope

Bank chief says world ‘too unpredictable’ when forecasting UK economic outlook

Resident doctors ‘energised’ over prospect of more strikes, medics say

Iran's military strength is a fraction of Israel's. Tehran still has 3 key cards it can play if the ceasefire falls apart.

How data centers are deepening the water crisis

Apple has yanked yet another ad campaign. Why?

Logan Paul's Prime sales plummet in a key market as the once-popular drink has growing pains

Diddy's decision not to call witnesses shows his confidence

The plot thickens: OpenAI's mystery AI companion isn't an in-ear device or wearable, exec says in court filing

Fed Chair Jerome Powell says tariff uncertainty warrants caution on rate cuts

Agyemang May Be The Answer To USMNT’s Search For A Consistent Striker

“Grown Up” Drug Maker Shanghai Henlius Targets Global Fight To Beat Cancer

Kaulig Companies Keeps Golf—And Its Benefits—Coming To Northeast Ohio

Prosecutors Made A Strong Case Against Diddy—But Verdict Unpredictable—Legal Experts Say

Northern Lights Forecast: These 15 States May See Aurora Borealis Tonight As Geomagnetic Storms Approach

UFC 317 Fight Card Odds, Picks And Predictions: Royval Vs. Van

‘Billy Joel: And So It Goes’ Documentary Gets Streaming Premiere Date

Newcastle United Must Not Repeat Mistakes In Anthony Elanga Chase

Ibiza 2025: Where To Eat, Drink And Stay

Mamdani Leads Cuomo In NYC Mayoral Race Betting Odds

Is The Napoli Tonic Enough To Refresh Darwin Núñez’s Career?

Hutchinson Is Huge Bargain For Lions In 2026, As Is Vikings’ Metellus

Charitable giving grew to $593B in 2024, propelled by a strengthening U.S. economy

Farmers rush to dodge Rachel Reeves' inheritance tax hike after discovering how

Alexandr Wang said he refused to let go of 2 tasks — no matter how big Scale AI got

I invested $30,000 to scale my European-based tote bag business in the US — then tariffs hit