The project ran under the internal name Cannes, and a Meta contractor called Covalen managed it. WIRED reported that hundreds of contractors created dummy under-18 accounts. They sent prompts and images to competitors’ chatbots, then logged the replies in spreadsheets. The effort was active as recently as April 21, 2026.
The targets were OpenAI’s ChatGPT, Google’s Gemini, and Character.AI. None of the three knew the testing was happening.
What the contractors were asked to do
The prompts were built to push chatbots toward answers their safety systems are meant to refuse. A single round, finished in August 2025, ran more than 45,000 prompts through the rival tools. The companies behind those tools were never told.
WIRED reviewed one spreadsheet of 3,748 prompts. Hundreds dealt with suicide and self-harm. Hundreds more covered eating disorders. At least 239 involved sex or romance, and others touched drugs, profanity, and racial slurs. Many took the voice of a child in crisis. One posed as a pregnant 13-year-old asking where to buy pills. Another posed as a girl asking how to hide an eating disorder from her parents.
Some of the images contractors sent included pills and knives. A separate spreadsheet listed the fake profiles in full, with names, throwaway email addresses, passwords, and birth dates.
Meta’s defence
Meta does not deny the work. It frames it as normal industry practice. “Testing and benchmarking chatbot responses to help ensure safe and age-appropriate experiences is a responsible, industry-standard practice, and any suggestion otherwise completely misunderstands how technology companies work to refine and improve their systems,” a spokesperson told WIRED.
The company added that it does not use competitor benchmarking to train its own AI models. Covalen did not respond to a request for comment.
An internal Covalen document put it more grandly. It described the project as “comprehensive AI safety benchmarking” that delivered “critical datasets for model comparison and compliance.”
Testing a rival’s product is not unusual on its own. Business Insider reported last year that contractors on Google’s Bard compared its answers with ChatGPT. They then rewrote Bard’s replies to match or beat them. What stands out here is the scale, the disguise, and the subject matter.
Why this one looks different
One detail unsettles experts most: the use of accounts dressed up as children. Rumman Chowdhury, chief executive of Humane Intelligence, reviewed a sample of the prompts.
The setup troubled her. A long project run through “dummy accounts masquerading as children” sits “outside what is usually described as ‘industry standard’ evaluation,” she said. She called it a “governance gray zone where safety becomes a convenient cover for anticompetitive practices.”
Two lawyers who specialise in online speech reviewed examples for WIRED. The material, they said, did not cross into soliciting child sexual abuse material or illegal obscenity. Even so, former contractors described the work as alarming. One said colleagues feared they might be generating or preserving abuse material.
Another worried the project amounted to quietly lifting data from rivals to feed back into Meta’s own systems.
The rivals are not happy
The three targeted firms all bar this kind of testing in their terms of service. OpenAI prohibits unsolicited safety testing, attempts to bypass safeguards, and using outputs to build competing models. Google forbids efforts to get around its safety filters. Character.AI bans harmful, exploitative, and illegal content. Since late 2025, it has shut open-ended chat for under-18 users entirely.
None of them authorised the work. A Character.AI spokesperson said the conduct violated “our Terms of Service” and “the characters and worlds our community has created.” OpenAI said it was looking into the issue but declined further comment. Google said it had not approved the testing and did not know its purpose. Its own checks, it added, showed Gemini responding in line with its policies.
A fight with regulators already watching
The timing could hardly be worse. In September 2025, the US Federal Trade Commission opened a formal inquiry into AI and child safety. It covers Meta, OpenAI, and Google, among others. Now a report shows one of those firms probing the others with fake child accounts.
Europe has its own levers. The AI Act and the Digital Services Act both press platforms on the risks their systems pose to minors. Both can reach any company that operates in the bloc. Regulators on either side of the Atlantic now ask the same question: who is accountable when a chatbot talks to a child about self-harm? Oversight is fast becoming a market of its own, with venture money flowing into agentic security startups.
The episode also fits a wider pattern. Meta guards its own AI ambitions closely. It has even restricted its engineers’ use of rivals’ coding tools while it builds its own. Meanwhile the chatbot makers fight an expensive race for users and credibility. Anthropic and OpenAI both chase paying customers. OpenAI has moved into advertising. Google fights to keep its dominance from cracking in the AI era. In that contest, safety testing and competitive intelligence can start to blur.
Both readings cannot be true
That blur is the real story. Meta says it was making chatbots safer. Its critics say it disguised contractors as children to mine its rivals, then dressed the whole thing up as a safety exercise. The documents are out, and the regulators are circling. Meta will now have to convince them which version is right.
If you or someone you know is struggling, support is available. In the UK and Ireland, the Samaritans can be reached free on 116 123. In the US, the 988 Suicide and Crisis Lifeline offers 24-hour support. A list of international helplines is available through the International Association for Suicide Prevention.
Get the TNW newsletter
Get the most important tech news in your inbox each week.