Meta contractors posed as teenagers to probe rival chatbots with thousands of crisis prompts

WIRED reported in late June 2026 that Meta, through contractor Covalen, ran a project internally called Cannes in which hundreds of contractors created fake accounts with under-18 birthdates and sent rival chatbots including ChatGPT, Gemini, and Character.AI prompts about suicide, self-harm, eating disorders, sex, and drugs written from the perspective of minors in crisis. One August 2025 round involved more than 45,000 prompts. The tested companies said they were not informed, and Character.AI said the activity violated its terms of service.

Meta · Incident Jun 29, 2026 · Indexed Jul 10, 2026 · 2 sources

Records by entity: Meta

Hundreds of contractors created accounts as fake minors and sent 45,000 crisis prompts in a single round, without telling the companies being tested.
What
WIRED reported in late June 2026 that Meta, through contractor Covalen, ran a project internally called Cannes in which hundreds of contractors created fake accounts with under-18 birthdates and sent rival chatbots including ChatGPT, Gemini, and Character.AI prompts about suicide, self-harm, eating disorders, sex, and drugs written from the perspective of minors in crisis.
Incident date
Jun 29, 2026
Who
Meta
Failure mode
Policy Violation
AI surface
Chatbot
Severity
Medium

What happened

According to WIRED, Meta's contractor Covalen ran a project internally named Cannes that stayed active through at least April 2026. Contractors created accounts with birthdates under 18 and sent rival chatbots prompts about self-harm, eating disorders, drugs, and sex framed from a minor's point of view, then copied the responses into spreadsheets; one round in August 2025 exceeded 45,000 prompts. Meta defended it as industry-standard safety testing and said it did not use the responses to train its own models. The companies being tested said they had not approved it: Character.AI said it violated its terms of service, OpenAI said it was looking into it, and Google said it had not authorized the tests.

What broke inside the model

Failure path · mode profile · Policy Violation
  1. 01 · TriggerA prompt pushes against a deployment boundary.
  2. 02 · Model stepThe model produces the disallowed output.
  3. 03 · Control gapNo enforcement blocks it at generation time.
  4. 04 · FailureThe output crosses the policy line.
  5. 05 · ConsequenceA limit the business set is breached in public.

The output crosses a policy boundary the deployment had defined.

This is a governance and policy-violation failure around how AI systems were tested rather than a single model malfunction. Automated accounts systematically impersonated minors to elicit crisis-topic responses from third-party services without consent, breaching those services' terms and raising questions about the handling of sensitive, minor-framed content at scale. The controls that should have bounded acceptable red-teaming, consent, disclosure, and data handling, were not in place.

Public visibilityMedium
Regulatory exposurePossible
Customer impactFew customers
Financial impactUnknown
Time to disclosureMonths
  1. PressMeta Contractors Posed as Teens to Prompt Rival Chatbots About Suicide, Sex, and Drugswired.com
  2. PressMeta secretly tested ChatGPT, Gemini, and Character.AI with thousands of minor-perspective crisis promptsthe-decoder.com
Permalinkhttps://failureindex.ai/failures/meta-project-cannes-teen-impersonation-chatbot-testing
CitationAI Failure Index. "Meta contractors posed as teenagers to probe rival chatbots with thousands of crisis prompts" (FI-0711). Realm Labs. https://failureindex.ai/failures/meta-project-cannes-teen-impersonation-chatbot-testing (indexed Jul 10, 2026).
Share cardA branded image of this record for posts and slides.

Data fields CC-BY 4.0, prose citation permitted. Incident ID FI-0711. Full dataset at /data.

Note from Realm Labs, the Index steward

How Realm would have caught this

Controls for this failure mode
  • Prism
  • OmniGuard

Realm governs automated agents against an explicit acceptable-use policy, so impersonation of protected users and bulk generation of crisis-topic content are flagged and gated at runtime rather than run unchecked. The audit trail makes the scope and nature of automated testing visible to the organizations accountable for it.