Meta has quietly terminated its relationship with outsourcing firm Sama after reports emerged that contractors reviewing footage from Ray-Ban smart glasses were exposed to highly sensitive recordings, including private conversations, financial information, and explicit scenes involving individuals who allegedly did not know they were being filmed.

The decision is drawing renewed scrutiny to the hidden labor systems powering the generative AI race, while reigniting broader concerns about privacy, surveillance, and worker treatment in the global AI supply chain.

The controversy underlines a growing tension at the center of the artificial intelligence industry: while technology firms are aggressively marketing AI-powered wearable devices as the next computing platform, the systems behind them still rely heavily on armies of low-paid human reviewers tasked with sorting through deeply personal content to improve machine-learning models.

Sama, a California-headquartered outsourcing company with major operations in Nairobi, disclosed the termination of 1,108 employees after Meta ended its contract. Some workers alleged they faced retaliation after raising concerns internally about the nature of the material they were required to examine.

The dispute traces back to investigations published earlier this year by Swedish media outlets, which cited workers who said they were asked to label footage recorded through Meta’s Ray-Ban smart glasses. According to those accounts, the recordings included private conversations, banking details, nudity, and intimate encounters involving people who often appeared unaware they were being captured.

The revelations strike at one of the most sensitive questions surrounding AI wearables: whether consumers and bystanders fully understand how much data these devices collect and how that information is ultimately used.

Meta maintains that users must explicitly enable the glasses’ AI features and that its terms of service disclose that some recordings may be used to improve AI systems. Yet privacy advocates argue that disclosure buried in user agreements does little to address concerns about uninformed third parties who may appear in recordings without consent.

The incident also exposes the uncomfortable reality that the rapid progress of generative AI still depends heavily on human labor. While AI companies market their systems as increasingly autonomous, the technology often relies on thousands of contractors who manually categorize images, review audio, and flag problematic content.

Industry analysts say the demand for this kind of data annotation work has surged as companies race to develop multimodal AI systems capable of understanding video, audio, and real-world environments. Smart glasses intensify that challenge because they capture unfiltered moments from everyday life rather than curated online datasets.

The fallout has revived scrutiny of Sama itself, which has repeatedly surfaced at the center of debates about AI labor ethics.

The company previously worked with OpenAI to help filter toxic material for ChatGPT before its public launch in 2022. Investigations at the time revealed that Kenya-based workers were paid less than $2 an hour to review graphic and disturbing content, with several workers reporting psychological trauma from the assignments.

Sama and Meta also faced allegations in previous years tied to anti-union practices and misleading job descriptions. Labor groups argued that workers recruited for content moderation and AI labeling tasks were often not fully informed about the emotional intensity or sensitivity of the material they would encounter.

The latest controversy could intensify regulatory pressure on Meta at a time when governments across Europe and parts of the United States are already examining AI transparency, biometric surveillance, and workplace protections tied to generative AI systems.

It also lands as Meta pushes aggressively into AI-powered hardware under CEO Mark Zuckerberg’s broader strategy of building what the company sees as the next major computing ecosystem beyond smartphones. The Ray-Ban smart glasses have become one of Meta’s most commercially successful hardware experiments in years, helped by improvements in AI assistants and real-time multimodal capabilities.

But the privacy concerns surrounding wearable cameras are not new. More than a decade ago, Google Glass faced public backlash over fears that users could secretly record others in public spaces. That resistance helped doom the product commercially.

Meta’s newer generation of smart glasses has avoided some of that stigma by using more discreet designs and integrating them into mainstream fashion branding. Even so, reports have increasingly emerged of users wearing the devices in classrooms, courtrooms, police encounters, and other sensitive environments.

Privacy researchers warn that as AI wearables become more capable, the volume of sensitive real-world data collected by technology firms could increase exponentially. Unlike smartphones, which users intentionally point toward subjects, smart glasses continuously capture the user’s surroundings from a first-person perspective, raising the likelihood of incidental surveillance.

The controversy may also deepen questions about how AI companies balance automation with accountability. While Meta blamed Sama for failing to meet standards, critics argue the dispute highlights systemic issues across the AI industry, where companies outsource difficult moderation and training tasks to contractors operating far from Silicon Valley headquarters.

As AI systems move beyond text generation into always-on wearable devices embedded in daily life, the debate over who controls the data, who reviews it, and who bears the consequences when safeguards fail is becoming increasingly difficult for the industry to avoid.

U.S. cybersecurity officials are considering one of the most aggressive overhauls of federal cyber defense policy in years, as fears grow that a new generation of artificial-intelligence systems could dramatically accelerate the speed and scale of cyberattacks against government networks.

According to people familiar with the discussions cited by Reuters, officials are weighing plans to slash the time federal civilian agencies have to fix actively exploited software vulnerabilities from the current two-to-three-week average to just three days.

The proposal reflects mounting anxiety inside Washington that advanced AI models are rapidly transforming cyber operations from a largely human-driven process into one increasingly automated, scalable, and capable of operating at machine speed.

Those concerns are centered on sophisticated AI systems such as Anthropic’s Mythos and OpenAI’s GPT-5.4-Cyber, which security researchers and policymakers fear could significantly reduce the technical expertise and time traditionally required to conduct advanced hacking campaigns.

For years, cybercriminals have used automation and machine learning to improve phishing schemes, malware generation, and reconnaissance. But cybersecurity officials say the latest frontier models appear capable of going much further: rapidly identifying previously unknown vulnerabilities, analyzing newly disclosed flaws within minutes, generating exploit code, and coordinating multi-stage intrusion campaigns with limited human involvement.

That shift is fundamentally altering how governments think about defense. Until recently, organizations often had weeks or even months between the public disclosure of a software flaw and the appearance of large-scale exploitation campaigns. Officials now worry that AI-assisted attackers may compress that timeline to mere hours.

“If you’re going to protect civil agencies, you’re going to have to move faster,” said Stephen Boyer, founder of cybersecurity firm Bitsight, which has previously assisted the Cybersecurity and Infrastructure Security Agency in cataloguing vulnerabilities. “We don’t have as much of a window as we used to have.”

The discussions are reportedly being led by acting CISA director Nick Andersen and U.S. national cyber director Sean Cairncross, according to sources familiar with the matter.

The proposal centers on CISA’s Known Exploited Vulnerabilities database, commonly known as the KEV catalog. The list tracks software flaws already being actively exploited by criminal organizations or state-backed hacking groups and serves as a mandatory remediation guide for federal agencies.

Historically, agencies were generally given around three weeks to patch vulnerabilities once they were added to the KEV list, according to cybersecurity researcher Glenn Thorpe. That timeline has gradually shortened in recent years, but a universal three-day standard would represent a dramatic escalation in urgency.

The move underscores how seriously U.S. officials are beginning to view the intersection between AI and offensive cyber capabilities. Some security analysts compare the current moment to the arrival of industrial automation in manufacturing: cyberattacks that once required teams of highly skilled operators may increasingly become partially automated workflows assisted by AI reasoning systems.

That prospect is especially alarming for governments because it could allow smaller criminal groups or less sophisticated state actors to conduct operations previously reserved for elite hacking units.

The concern extends well beyond federal agencies. Industry executives expect any tighter CISA standards to quickly influence state governments, contractors, hospitals, utilities, banks, and other critical infrastructure operators.

“This is a signal to others that says, ‘Hey you need to do this more quickly,’” said Nitin Natarajan, former deputy director of CISA under President Joe Biden and now head of NN Global.

Natarajan said accelerating patch timelines makes strategic sense given the speed of emerging threats, but warned the federal government may lack the resources necessary to sustain such an aggressive posture.

“We’ve seen a reduction in their resources, both in funding and expertise,” he said.

That concern reflects broader strain across the U.S. cyber apparatus.

CISA has faced repeated budget pressures, staffing reductions, and operational disruptions tied to government shutdown fights under President Donald Trump. Former officials and private-sector analysts warn that compressing deadlines without significantly increasing staffing, automation, and coordination could overwhelm already stretched cybersecurity teams.

The challenge is particularly acute in large enterprise environments, where applying patches is rarely straightforward. Major organizations often operate thousands of interconnected systems that involve legacy software, third-party vendors, industrial controls, and sensitive operational technology. Security updates typically require testing, compatibility reviews, and staged deployment processes to avoid outages or operational failures.

“Realistically, three days is simply impossible for some environments,” said Kecia Hoyt, vice president at threat intelligence firm Flashpoint.

John Hammond, senior principal security researcher at Huntress, said the proposed timeline would represent “quite a change” for the industry.

While Hammond said he was cautiously optimistic about the push for faster remediation, he added that “only time will tell how well the industry keeps up.”

The discussions are unfolding amid broader concerns that the global AI race is beginning to outpace the development of security guardrails and governance frameworks.

In recent months, frontier AI developers have faced increasing scrutiny over whether advanced models could assist cyber intrusions, biological research, or other high-risk activities. Several governments have quietly expanded national-security reviews of AI systems capable of advanced reasoning, coding, and autonomous task execution.

The banking industry has become particularly sensitive to the issue. Financial regulators in the United States, Europe, and Asia have reportedly intensified reviews of AI-related cyber risks amid fears that automated attacks could target payment systems, trading infrastructure, and customer data on an unprecedented scale.

At the core of Washington’s concern is a growing realization that cybersecurity doctrines built for the pre-AI era may no longer be sufficient. For decades, defenders largely relied on the assumption that discovering, weaponizing, and operationalizing vulnerabilities required time, expertise, and coordination. AI may now be eroding all three barriers simultaneously.

If that proves true, cybersecurity could shift from a contest measured in weeks and days to one increasingly measured in hours and minutes — forcing governments and corporations alike into a far more reactive and relentless security posture.