What Project Cannes Actually Was — And Why the Details Matter
Meta‘s internal operation, known as Project Cannes, deployed hundreds of contractors — managed through Meta’s vendor Covalen — with a specific mandate: create fake accounts presenting as minors, then bombard rival AI chatbots with some of the most psychologically damaging content imaginable.
The targets were not obscure products. Contractors systematically probed OpenAI’s ChatGPT, Google’s Gemini, and Character.AI — the three most dominant conversational AI platforms outside Meta’s own ecosystem. Workers created dummy under-18 accounts on each platform and submitted written prompts alongside images that included pills, knives, nooses, and a medical diagram of a gynecological procedure. Every response was copied into spreadsheets, building what amounted to a competitive intelligence dossier on how rival AI safety guardrails performed under child-directed pressure.
The subject matter was not incidental. Contractors were specifically instructed to probe responses related to suicide, eating disorders, sex, and drug use — the exact categories that child safety advocates, regulators, and plaintiffs’ attorneys have flagged as highest-risk for minors interacting with AI systems. These were not edge cases or accidental byproducts of broad testing. They were the point.
The operation was still running as recently as April 21, 2025. That date matters because it dismantles any argument that Project Cannes was a legacy experiment or an isolated lapse in judgment. This was an active, sanctioned program operating inside one of the world’s largest technology companies while that same company publicly positioned itself as a responsible AI developer.
The scale reinforces the deliberateness. Hundreds of contractors do not get simultaneously assigned to impersonate teenagers and document competitor chatbot responses to self-harm imagery without institutional approval and structured project management. Project Cannes was not rogue behavior. It was organized, resourced, and ongoing — which is precisely why the details matter beyond the initial shock of the disclosure.
The Missing Context: This Is Competitive Intelligence, Not Safety Research
Early coverage of Meta’s Project Cannes leaned heavily on the “safety testing” frame, treating the operation as aggressive but arguably legitimate research into AI harms. That framing collapses under scrutiny.
Legitimate red-teaming in the AI industry follows a clear protocol: researchers either work internally, coordinate with the platform being tested, or operate under disclosed bug-bounty arrangements. Meta’s contractor operation through Covalen did none of these things. Hundreds of workers created fake underage accounts and probed live consumer products — ChatGPT, Google Gemini, and Character.AI — without the knowledge or consent of those companies. That is not how child safety auditing works. That is how competitive intelligence gathering works.
The target list is the most revealing detail in the entire story, and the one mainstream coverage has most consistently buried. Every platform Cannes probed was a Meta competitor. Not one task in the operation was directed at Meta AI, Meta’s own chatbot product, or any other product Meta controls. A company genuinely alarmed about AI systems exposing minors to content about suicide, eating disorders, and self-harm would run that audit on its own systems first. Meta did not. The internal audit that never happened is the data point that reframes everything else.
Deploying hundreds of contractors at scale to covertly probe rival platforms through deceptive minor-impersonation accounts is not safety advocacy infrastructure. It is adversarial competitive intelligence dressed in the language of child protection. The operational structure — contractor labor, fake accounts, systematic data extraction into spreadsheets, no disclosure to targets — maps precisely onto corporate espionage tradecraft. The subject matter being tested happened to involve vulnerable minors and high-risk content, which gave the project a moral veneer it does not deserve.
Meta found a way to surveil its competitors’ AI safety weaknesses, generate potentially damaging documentation about those weaknesses, and retain the ability to call the whole thing a public-interest project. The methodology exposes the motive.
Why the Minor-Impersonation Method Raises Its Own Ethical and Legal Red Flags
Meta’s operation didn’t just expose problems at rival companies — it created its own. Instructing adult contractors to fabricate under-18 accounts and send images of pills, nooses, knives, and gynecological diagrams to chatbots occupies murky legal territory entirely independent of how those chatbots responded. Creating fake minor accounts to interact with platforms that have age-based content restrictions potentially implicates terms-of-service violations, computer fraud statutes, and regulations specifically designed to protect children online. Meta has not addressed these questions publicly.
The competitive intelligence play also undermined the interests of real child users. Character.AI is currently facing active lawsuits and regulatory scrutiny over chatbot interactions with minors. When Meta’s contractors, working under the internal project name Cannes, discovered that a rival platform was serving harmful content to accounts registered as belonging to teenagers, the responsible course was straightforward: report it through coordinated disclosure so the platform could fix the vulnerability. Meta did not do that. The company collected the data, copied responses into spreadsheets, and kept the findings internal. Every day that approach continued was another day real adolescents remained exposed to the same risks Meta was quietly documenting.
The human cost to the workers themselves has received almost no attention. Hundreds of contractors employed through Covalen — not Meta employees with access to corporate mental health benefits or formal psychological support structures — spent their working hours generating and reviewing graphic content about teen suicide, eating disorders, and sexual scenarios. Content moderation research has established that repeated exposure to material of this type causes measurable psychological harm. These workers were not moderating content that appeared organically; they were actively producing it, prompt by prompt, as a job requirement. Whether Covalen provided any trauma-informed support protocols is unknown, because neither company has disclosed the working conditions attached to the Cannes project. That silence is its own answer.
The Broader Pattern: Meta’s History of Using Child Safety as a Shield and a Sword
Meta has a well-documented habit of wrapping competitive aggression in the language of child protection. In Congressional hearings, the company has positioned itself as a responsible steward of youth safety, supporting regulatory frameworks while quietly lobbying to shape them in ways that benefit its own platforms. It has pushed encryption policy debates toward child-safety framing, arguing that backdoor access serves child protection interests — a position that conveniently aligned with Meta’s broader policy goals. Operation Cannes fits this pattern precisely: child safety was the stated justification for systematically infiltrating rival platforms with fake minor accounts, while the actual output fed directly into Meta’s competitive intelligence operation.
The stakes of this exposure extend well beyond Meta’s reputation. Regulators in the United States and European Union are currently building AI safety frameworks that depend heavily on industry self-reporting, voluntary transparency commitments, and the assumption that large platforms will flag risks rather than exploit them. When a company deploys hundreds of contractors to covertly probe competitors using fabricated child identities — and does so for months without disclosure — it demonstrates exactly why those self-regulatory assumptions are dangerous. The credibility of the entire good-faith cooperation model collapses when one of the model’s most prominent participants is running a covert teen-impersonation program at scale.
The companies targeted — OpenAI, Google, and Character.AI — were apparently kept in the dark about this systematic probing of their systems. Contractors created unauthorized under-18 accounts on each platform, which almost certainly violated the terms of service for all three. No regulatory body has yet claimed jurisdiction over what amounts to coordinated deception conducted across multiple AI platforms simultaneously. That jurisdictional vacuum is itself a problem: Meta’s operation exposed genuine gaps in how AI platform manipulation and child-identity misuse get enforced, and it did so without triggering any mandatory reporting obligation.
Child online safety advocacy groups and platform accountability researchers have spent years arguing that tech self-regulation produces exactly this kind of outcome — where the language of protection becomes a competitive weapon, deployed publicly in Senate chambers and quietly weaponized in internal project documents. Operation Cannes is not an anomaly in Meta’s behavior. It is the logical endpoint of treating child safety as a strategic asset rather than an obligation.
What Should Actually Change — And Who Has the Power to Force It
The EU’s AI Act, now in force, gives European regulators tools that their American counterparts simply do not have. Where the FTC must build cases around existing consumer protection statutes, EU authorities can pursue structured investigations into high-risk AI deployments — including covert competitive testing operations like Project Cannes — under frameworks explicitly designed for this technology. Meta has spent years managing this regulatory asymmetry with precision, shaping policy conversations in Washington while complying selectively in Brussels. That dynamic will define where accountability actually lands.
The cybersecurity world solved a version of this problem decades ago. Responsible disclosure norms require researchers who find vulnerabilities to report them to the affected vendor within a defined window, typically 90 days, before going public. AI safety has no equivalent standard. Nothing in current US law required Meta to share what its contractors discovered about ChatGPT, Gemini, or Character.AI’s responses to teen-impersonation prompts involving self-harm imagery. A company can document a competitor’s child safety failures, file the results in a competitive intelligence spreadsheet, and never disclose them — because disclosure would hand a rival a free audit. Project Cannes makes that gap impossible to ignore.
For parents and consumers, the structural reality is this: child safety protections in AI products are currently marketing claims backed by internal competitive calculations, not independently verified standards. No mandatory external audit regime exists. No regulator has real-time visibility into how chatbot safety systems perform against minors. When OpenAI, Google, or Meta publish safety commitments, those commitments are self-reported, self-defined, and self-enforced.
What changes that picture is independent auditing with legal teeth — third-party assessment bodies with subpoena-equivalent access, mandatory vulnerability disclosure timelines applied to AI child safety failures, and liability that attaches when companies sit on known risks. The EU’s Digital Services Act already sketches part of this architecture for large platforms. Extending that logic explicitly to AI systems interacting with minors is the next step regulators in Brussels have both the mandate and the mechanism to take. American lawmakers have neither, yet.