Recently, the AI startup Scale AI has been caught in a serious data security scandal. This highly valued company, which was acquired by Meta for 49% of its shares at 14.8 billion dollars, was exposed for using public Google Docs to store confidential information from numerous clients, including Meta, Google, and xAI.
Google Docs is a convenient collaboration tool, but its "invite or fully public" sharing method clearly conflicts with any company's strict security standards. According to reports, anyone who knows the link to Scale AI's documents can easily access these Google Docs containing sensitive content such as confidential projects, email addresses, and payment information.
A spokesperson for Scale AI responded to this issue, stating that the company is conducting a thorough investigation and has already prohibited any user from publicly sharing documents within the Scale AI management system. However, Google and xAI have not yet commented on the matter, while Meta chose to remain silent.
"The Door is Always Open": Widely Used Google Docs Become a Security Risk
According to five contractors of Scale AI, Google Docs were widely used within the company. Cybersecurity experts pointed out that although there is currently no evidence that these open files have caused actual data leaks, this storage method undoubtedly makes Scale AI extremely vulnerable to hacker attacks.
Investigations showed that before Scale AI took measures, up to 85 files, thousands of pages of project information could be viewed, detailing sensitive collaborations between Scale AI and major technology clients. For example, these documents revealed how Google uses OpenAI's ChatGPT to fine-tune its own chatbots.
Even more shocking was that at least seven Google project manuals marked as confidential were open to the public, including specific suggestions on improving their chatbot Bard. Moreover, public Google Docs even contained detailed information about Elon Musk's "Xylophone Project," such as 700 conversation prompts used to train xAI's AI models.
Contractors also revealed that although these projects usually had secret codenames, they could still clearly identify which client they were working for. When using AI products, sometimes chatbots would even directly reveal customer information when asked.
Employee Information and Salary Details Also Exposed
In addition to customers' confidential project information, Scale AI's Google Docs also clearly disclosed the names and private contact details of thousands of employees. Worse still, some documents even detailed the exact salary amounts of individual contractors, including detailed explanations about salary disputes and differences.
This information undeniably exposes serious loopholes in Scale AI's data security and may lead to legal disputes. It is worth noting that shortly after Meta invested in Scale AI, there were rumors in the industry that major clients, including Google, had already cut ties with Scale AI to prevent Scale AI from revealing sensitive content to Meta. This Google Docs incident will undoubtedly further increase customers' concerns about Scale AI's data security capabilities.
