Connect with us

Business

Scale AI’s Public Google Docs Reveal Security Holes in AI Projects

Published

on


As Scale AI seeks to reassure customers that their data is secure following Meta’s $14.3 billion investment, leaked files and the startup’s own contractors indicate it has some serious security holes.

Scale AI routinely uses public Google Docs to track work for high-profile customers like Google, Meta, and xAI, leaving multiple AI training documents labeled “confidential” accessible to anyone with the link, Business Insider found.

Contractors told BI the company relies on public Google Docs to share internal files, a method that’s efficient for its vast army of at least 240,000 contractors and presents clear cybersecurity and confidentiality risks.

Scale AI also left public Google Docs with sensitive details about thousands of its contractors, including their private email addresses and whether they were suspected of “cheating.” Some of those documents can be viewed and also edited by anyone with the right URL.

There’s no indication that Scale AI has suffered a breach because of this. Two cybersecurity experts told BI that such practices could leave the company and its clients vulnerable to various kinds of hacks, such as hackers impersonating contractors or uploading malware into accessible files.

Scale AI told Business Insider it takes data security seriously and is looking into the matter.

“We are conducting a thorough investigation and have disabled any user’s ability to publicly share documents from Scale-managed systems,” a Scale AI spokesperson said. “We remain committed to robust technical and policy safeguards to protect confidential information and are always working to strengthen our practices.”

Meta declined to comment. Google and xAI didn’t respond to requests for comment.

In the wake of Meta’s blockbuster investment, clients like Google, OpenAI, and xAI paused work with Scale. In a blog post last week, Scale reassured Big Tech clients that it remains a neutral and independent partner with strict security standards.

The company said that “ensuring customer trust has been and will always be a top priority,” and that it has “robust technical and policy safeguards to protect customers’ confidential information.”

BI’s findings raise questions about whether it did enough to ensure security and whether Meta was aware of the issue before writing the check.

Confidential AI projects were accessible

BI was able to view thousands of pages of project documents across 85 individual Google Docs tied to Scale AI’s work with Big Tech clients. The documents include sensitive details, such as how Google used ChatGPT to improve its own struggling chatbot, then called Bard.

Scale also left public at least seven instruction manuals marked “confidential” by Google, which were accessible to anyone with the link. Those documents spell out what Google thought was wrong with Bard — that it had difficulties answering complex questions — and how Scale contractors should fix it.

For Elon Musk’s xAI, for which Scale ran at least 10 generative AI projects as of April, public Google documents and spreadsheets show details of “Project Xylophone,” BI reported earlier this month. Training documents and a list of 700 conversation prompts revealed how the project focused on improving the AI’s conversation skills about a wide array of topics, from zombie apocalypses to plumbing.

Meta training documents, marked confidential at the top, were also left public to anyone with the link. These included links to accessible audio files with examples of “good” and “bad” speech prompts, suggesting the standards Meta set for expressiveness in its AI products.

Some of those projects focused on training Meta’s chatbots to be more conversational and emotionally engaging while ensuring they handled sensitive topics safely, BI previously reported. As of April, Meta had at least 21 generative AI projects with Scale.

Several Scale AI contractors interviewed by BI said it was easy to figure out which client they worked for, even though they were codenamed, often just from the nature of the task or the way the instructions were phrased. Sometimes it was even easier: One presentation seen by BI had Google’s logo.

Even when projects were meant to be anonymized, contractors across different projects described instantly recognizing clients or products. In some cases, simply prompting the model or asking it directly which chatbot it was would reveal the underlying client, contractors said.

Scale AI left contractor information public

Other Google Docs exposed sensitive personal information about Scale’s contractors. BI reviewed spreadsheets that were not locked down and that listed the names and private Gmail addresses of thousands of workers. Several contacted by BI said they were surprised to learn their details were accessible to anyone with the URL of the document.

Many documents include details about their work performance.

One spreadsheet titled “Good and Bad Folks” categorizes dozens of workers as either “high quality” or suspected of “cheating.” Another list of hundreds of personal email addresses is titled “move all cheating taskers,” which also flagged workers for “suspicious behavior.”

Another sheet names nearly 1,000 contractors who were “mistakenly banned” from Scale AI’s platforms.

Other documents show how much individual contractors were paid, along with detailed notes on pay disputes and discrepancies.

The system seemed ‘incredibly janky’

Five current and former Scale AI contractors who worked on separate projects told BI that the use of public Google Docs was widespread across the company.

Contractors said that using them streamlined operations for Scale, which relies mostly on freelance contributors. Managing individual access permissions for each contractor would have slowed down the process.

Scale AI’s internal platform requires workers to verify themselves, sometimes using their camera, contractors told BI.

At the same time, many documents containing information on training AI models can be accessed through public links or links in other documents without verification.

“The whole Google Docs system always seemed incredibly janky,” one worker said.

Two other workers said they retained access to old projects they no longer worked on, which were sometimes updated with requests from the client company regarding how the models should be trained.

‘Of course it’s dangerous’

Organizing internal work through public Google Docs can create serious cybersecurity risks, Joseph Steinberg, a Columbia University cybersecurity lecturer, told BI.

“Of course it’s dangerous. In the best-case scenario, it’s just enabling social engineering,” he said.

Social engineering refers to attacks where hackers trick employees or contractors into giving up access, often by impersonating someone within the company.

Leaving details about thousands of contractors easily accessible creates many opportunities for that kind of breach, Steinberg said.

At the same time, investing more in security can slow down growth-oriented startups.

“The companies that actually spend time doing security right very often lose out because other companies move faster to market,” Steinberg said.

The fact that some of the Google Docs were editable by anyone creates risks, such as bad actors inserting malicious links into the documents for others to click, Stephanie Kurtz, a regional director at cyber firm Trace3, told BI.

Kurtz added that companies should start with managing access via invites.

“Putting it out there and hoping somebody doesn’t share a link, that’s not a great strategy there,” she said.

Have a tip? Contact this reporter via email at crollet@insider.com or Signal and WhatsApp at 628-282-2811. Use a personal email address and a nonwork device; here’s our guide to sharing information securely.





Source link

Business

Trump threatens 35% tariffs on Canadian goods

Published

on


US President Donald Trump has said he will slap a 35% tariff on Canadian goods starting 1 August, even as the two countries are days away from a self-imposed deadline to reach a new deal on trade.

The missive came as Trump also threatened blanket tariffs of 15% or 20% on most trade partners, and said he would soon notify the European Union of a new tariff rate on its goods.

Trump announced the latest levies on Canada on Thursday in a letter posted to social media and addressed to Prime Minister Mark Carney.

The US has already imposed a blanket 25% tariff on some Canadian goods, and the country is feeling the pain of the Trump administration’s global steel, aluminium and auto tariffs.

The letter is among more than 20 that Trump had posted this week to US trade partners, including Japan, South Korea and Sri Lanka.

Like Canada’s letter, Trump has vowed to implement those tariffs on trade partners by 1 August.

The US has imposed a 25% tariff on all Canadian imports, though there is a current exemption in place for goods that comply with a North American free trade agreement.

It is unclear if the latest tariffs threat would apply to goods covered by the Canada-United States-Mexico Agreement (CUSMA).

Trump has also imposed a global 50% tariff on aluminium and steel imports, and a 25% tariff on all cars and trucks not build in the US.

He also recently announced a 50% tariff on copper imports, scheduled to take effect next month.

Canada sells about three-quarters of its goods to the US, and is an auto manufacturing hub and a major supplier of metals, making the US tariffs especially damaging to those sectors.

Trump’s letter said the 35% tariffs are separate to those sector-specific levies.

“As you are aware, there will be no tariff if Canada, or companies within your country, decide to build or manufacture products within the United States,” Trump stated.

He also tied the tariffs to what he called “Canada’s failure” to stop the flow of fentanyl into the US, as well as Canada’s existing levies on US dairy farmers and the trade deficit between the two countries.

“If Canada works with me to stop the flow of Fentanyl, we will, perhaps, consider an adjustment to this letter. These Tariffs may be modified, upward or downward, depending on our relationship with Your Country,” Trump said.

President Trump has accused Canada – alongside Mexico – of allowing “vast numbers of people to come in and fentanyl to come in” to the US.

According to data from the US Customs and Border Patrol, only about 0.2% of all seizures of fentanyl entering the US are made at the Canadian border, almost all the rest is confiscated at the US border with Mexico.

In response to Trump’s complaints, Canada announced more funding towards border security and had appointed a fentanyl czar earlier this year.

Canada has been engaged in intense talk with the US in recent months to reach a new trade and security deal.

At the G7 Summit in June, Prime Minister Carney and Trump said they were committed to reaching a new deal on within 30 days, setting a deadline of 21 July.

Trump threatened in the letter to increase levies on Canada if it retaliated. Canada has already imposed counter-tariffs on the US, and has vowed more if they failed to reach a deal by the deadline.

In late June, Carney removed a tax on big US technology firms after Trump labelled it a “blatant attack” and threatened to call off trade talks.

Carney said the tax was dropped as “part of a bigger negotiation” on trade between the two countries.

The Prime Minister’s office told the BBC they did not have immediate comment on Trump’s letter.



Source link

Continue Reading

Business

The Stack: How AI Is Driving Rapid Change in Business

Published

on


This week’s column dives into Mary Meeker’s latest report, and also looks at how Road Runner Sports is elevating its customer experience
This story is part of “The Stack,” a weekly column that takes a deep dive into the ways tech companies are shaping the future of fitness and wellness

I was surprised to see an email in my inbox about a new report from Bond, the venture capital firm based in San Francisco and founded by Mary Meeker. Following the link brought me to a massive 340-page report. It was like Christmas in July.

If you don’t know, Meeker is known as the “Queen of the Internet.” While at Morgan Stanley, Meeker and Chris DePuy published “The Internet Report,” which guided investors through the dot-com boom era and beyond. So, what does she and her co-authors of “Trends – Artificial Intelligence” have to say today? A lot.

The report covers everything from soup to nuts, and includes chapters on AI deployment, usage, costs, growth, the competitive landscape, capital expenditures and IRL uses such as at work.  

The report paints an AI landscape using numerous graphs and charts, mostly festooned with arrows that go up, but also with some bleak data points such as “monetization threats.”

One of the key takeaways of the report is the speed of change occurring.

“To say the world is changing at unprecedented rates is an understatement,” the report’s authors said. “Rapid and transformative technology innovation/adoption represent key underpinnings of these changes. As does leadership evolution for the global powers.”

The report noted the rise of Google, Alibaba and Facebook – each experiencing growth arcs that were relatively steady.

“Fast forward to today with the world’s organized, connected and accessible information being supercharged by artificial intelligence, accelerating computing power and semi-borderless capital … all driving massive change,” the authors of the report said. “Sport provides a good analogy for AI’s constant improvements. As athletes continue to wow us and break records, their talent is increasingly enhanced by better data/inputs/training. The same is true for businesses, where computers are ingesting massive datasets to get smarter and more competitive.”

Over time, the speed of change is only expected to increase, so hang on.

If you want to learn more, download the report here

The New Kid on the Block

The latest development in AI is “Agentic AI,” which is the spooky one that works autonomously with little human oversight. Instead, it runs on its own to reach specific goals. This form of AI joins the ranks of other powerful models, such as predictive and generative AI. In truth, Agentic AI is not so much spooky as it is advanced.

For the retail, hospitality and fitness industries, companies such as Profitmind are working with businesses to create an “intelligence layer” with Agentic AI that can assist in price optimization, performance analysis and inventory analysis. It can even be used in competitive and white space analysis.

SalesRevv, a software platform for fitness brands, uses agentic AI in text messages (credit: SalesRevv)

In IBM’s latest “Global C-suite Series” report, analysts polled CEOs and looked at how Agentic AI can help businesses move from profitability to greater productivity. 

“Technology promises to help them make smarter, better decisions that drive growth and stakeholder value,” the report’s authors said. “AI agents, in particular, offer predictive capabilities that let teams see the impact of change before they lift a finger. This autonomous, adaptive and self-iterating technology is already dramatically changing how businesses operate.”

Business leaders are taking note. IBM’s survey of executives found that 61 percent of CEOs polled “say their organization is actively adopting AI agents and preparing to implement them at scale.”

Tying Everything Together

Road Runner Sports, the nationwide fitness retailer, recently teamed up with unified commerce solutions leader Aptos to implement the tech company’s modern, mobile-first Point of Sale (POS) platform, Aptos One. This strategic deployment, extending across Road Runner Sports’ 50-plus U.S. stores, aims to significantly enhance customer engagement and omnichannel capabilities.

Deploying Aptos One is in response to growing consumer demands for an overall better shopping experience, whether it is online, in a physical store or at a pop-up shop. Personalization and seamless experiences are key.

Aptos said the integration of Aptos One will seamlessly connect with Road Runner Sports’ existing Aptos SaaS applications, including Merchandising, Order Management System (OMS), Customer Relationship Management (CRM) and Sales Audit. The company said this connectivity will enable highly personalized customer service, real-time inventory visibility and a unified experience across online and offline interactions.

San Diego-based Road Runner Sports is renowned for its diverse selection of athletic shoes, apparel and fitness devices. Their shoppers are fiercely loyal and expect a high level of personalization. The company’s commitment to inspiring active and healthy lifestyles is exemplified by its unique Fit Finder technology, which provides in-store and online customers with personalized shoe fittings, and its popular membership program, offering extended guarantees and exclusive benefits. 

“We’ve redefined the traditional shoe buying experience,” Tom Compogiannis, chief financial officer at Road Runner Sports, said in a statement. “Our interest in Aptos One stemmed from our continuous pursuit of elevating our customers’ journey.”

exterior of a Road Runner Sports store
credit: Arne Beruldsen/shutterstock.com

Beyond in-store enhancements, Compogiannis foresees significant opportunities for Aptos One to facilitate Road Runner Sports’ presence at external events such as pop-up shops, expos and gatherings.

“We want to interact with Road Runner Sports customers and potential customers wherever they are,” Compogiannis added. “As a cloud-native, mobile-first solution, Aptos One makes it easy to conduct selling activities just about anywhere.”

This capability allows store teams to engage with local communities, expanding customer acquisition and sales opportunities outside traditional store environments.”

Jeremy Grunzweig, general manager at Aptos, emphasized that Aptos One was developed in response to retailer feedback, combining robust enterprise-grade, omnichannel POS functionality with a mobile-first design.

For inquiries and tips related to “The Stack,” please reach out to [email protected]





Source link

Continue Reading

Business

Indeed and Glassdoor to Slash 1,300 Jobs As Parent Company Bets on AI

Published

on


Two major job-seeking platforms are slashing jobs.

Indeed and Glassdoor are laying off about 1,300 employees as their parent company, Japan’s Recruit Holdings, restructures its HR tech empire to double down on artificial intelligence.

In an internal email to employees on Thursday viewed by Business Insider, Recruit Holdings and Indeed CEO Hisayuki “Deko” Idekoba said that the cuts would mostly affect US-based roles in research, people operations, and sustainability, because “AI is changing the world” and the company must adapt.

“Delivering on this ambition requires us to move faster, try new things, and fix what’s broken,” wrote Idekoba. “To achieve our company priorities, it requires creating a structure and culture to support them.”

“We will integrate Glassdoor operations into Indeed, working toward a simpler hiring experience for job seekers and employers,” Idekoba added in the email.

In addition to trimming around 6% of the HR Technology segment workforce, some long-running leaders across both companies will be departing. According to the email, Glassdoor CEO Christian Sutherland-Wong will be exiting the company on October 1 after a decadelong run. LaFawn Davis, Chief People & Sustainability Officer, will also be leaving Indeed in September.

The overhaul comes just weeks after Idekoba returned as CEO of Indeed, a role he previously held from 2013 to 2019.

“We’re in a once-in-a-generation moment when technology can really change lives,” Idekoba said in June in a press release. “Hiring is still too slow and too hard, and we’re using AI to make it simpler and more personal — for both job seekers and employers.

Recruit Holdings acquired Indeed in 2012 and Glassdoor in 2018. It is unclear if the cuts will be evenly distributed between Glassdoor and Indeed.

Indeed has had layoffs two years in a row. In 2024, it cut around 1,000 jobs, which was about 8% of its workforce. The year before, the company also cut 2,200, which was roughly 15% of its staff.

Indeed, Glassdoor, and Recruit Holdings declined to comment further beyond the CEO’s email.





Source link

Continue Reading

Trending