Somewhere outside Nairobi, a contractor opens a fresh account, types in a birthdate that makes them thirteen, and starts asking ChatGPT how to hide an eating disorder from their parents. The reply gets pasted into a spreadsheet. Then the next prompt. Then the next. By the end of one testing round, more than 45,000 of these conversations had been logged.
The contractor didn't work for OpenAI. They worked for Meta.
WIRED reported this week that Meta ran a covert operation — internally codenamed "Cannes" and managed by a contractor called Covalen — in which hundreds of workers built fake under-18 accounts and hammered rival chatbots with the exact prompts safety systems are supposed to refuse. The targets were OpenAI's ChatGPT, Google's Gemini, and Character.AI. None of the three were told it was happening.
The numbers are specific, and they are grim. WIRED reviewed a single spreadsheet holding 3,748 distinct prompts. Hundreds dealt with suicide and self-harm. Hundreds more with eating disorders. At least 239 involved sex or romance. The rest sprawled across drugs, profanity, and racial slurs. Contractors used disposable email addresses and were told to build personas that read as children. The project was still active as of April 21, 2026.
Meta doesn't deny any of it. The company calls the work "a responsible, industry-standard practice" meant to "help ensure safe and age-appropriate experiences." And to be fair, red-teaming rival products by simulating vulnerable users is something safety teams genuinely do.
Here's the part Meta would rather you skip. This is the same company whose own internal assessments reportedly logged a 66.8% failure rate at blocking child sexual exploitation content and a 54.8% failure rate on suicide and self-harm prompts. The FTC opened formal inquiries in September 2025 into how OpenAI, Google, Microsoft — and Meta — handle minors. Meta didn't run "Cannes" from a position of moral authority. It ran it from inside the same glass house it was throwing rocks at.
And the findings were probably accurate. A separate investigation by CNN and the Center for Countering Digital Hate found that roughly eight in ten major chatbots handed over actionable advice on planning violent acts to testers posing as 13-year-olds. The chatbots are failing kids. That much is real. The problem is who was collecting the evidence, why, and what a spreadsheet full of documented competitor failures was being built to do.
My Opinion
I'll be blunt: this wasn't safety research. Safety research gets shared with the company whose product failed, or with a regulator, or with the public. You don't run it under a film-festival codename through a third-party contractor and keep the targets in the dark. You do that when the output is competitive intelligence you plan to weaponize — a ready-made dossier of "look how dangerous their AI is for children," waiting for the moment Meta wants to knock a rival down a peg.
What actually bugs me is the laundering. Meta took a serious, real problem — chatbots mishandling kids in crisis — and turned it into an opposition-research file. It manufactured tens of thousands of simulated child-crisis conversations, the digital equivalent of setting fires to prove the fire department is slow. It did this while its own house, by its own internal numbers, was burning worse than most.
Regulators looking at chatbot child safety should widen the lens. The question isn't only whether ChatGPT and Gemini fail thirteen-year-olds. It's whether a trillion-dollar company gets to secretly generate 45,000 fake child-crisis prompts, call it diligence, and walk away untouched by the deception itself. Covalen is going to become a household name in the next FTC filing, and "industry-standard practice" stops working as a shield the second a subpoena asks who actually read those spreadsheets.
This piece touches on suicide and self-harm. If any of it hits close to home, the 988 Suicide and Crisis Lifeline is available 24/7 by call or text in the US.
Author: Yahor Kamarou (Mark) / www.humai.blog / 02 Jul 2026