A massive data exposure has allegedly pulled back the curtain on a secret surveillance pipeline linking OpenAI, the identity provider Persona, and the U.S. Federal Government.
UPDATE:
Following the viral spread of the leaked source maps, Persona has issued an official clarification to its partners, attempting to draw a line between the capabilities found in its code and its actual business practices. In a private briefing, the company stated that while the infrastructure for government reporting exists, they currently have no active contracts with the Department of Homeland Security (DHS) or ICE, though they admitted to actively seeking potential government contracts.
Persona also clarified that while billionaire Peter Thiel is a venture investor, the company has “no relationship” with his data-mining firm, Palantir. In a move to manage the narrative, Persona dismissed the social media-driven investigation as “conspiracy theories,” choosing instead to engage privately with “accredited journalists” to explain why its codebase contains dormant SAR (Suspicious Activity Report) modules and hardcoded intelligence codenames like Project SHADOW. While Persona maintains that employee and investor access to raw customer data is strictly prohibited, the technical reality remains: the “surveillance pipeline” discovered by researchers is a built-in feature of the platform, even if the valves are not yet fully open.
I guess Persona saw my post, or other adjacent posts on social media, because Persona sent out an email addressing the findings to their customers.
They wrote the following (although I'm paraphrasing):
1. Persona does not share your customers data outside of scope. They said…
— vx-underground (@vxunderground) February 19, 2026
Is ChatGPT spying for the feds?
According to a report published by researchers vmfunc, MDL, and Dziurwa, the identity verification firm Persona accidentally exposed its entire internal codebase via unprotected source maps on a government-authorized server (withpersona-gov.com).
> be nerds
> look into persona (used by discord)
> kyc (know your customer) service
> used for age verification
> search on internet (shodan)
> find weird server
> image 1
> openai-watchlistdb.withpersona
> openai-watchlistdb-testing.withpersona
> lolwtf
> look inside
> supposed… pic.twitter.com/3Cdl3vSxAg— vx-underground (@vxunderground) February 18, 2026
The exposure—found on a FedRAMP-authorized endpoint—reportedly allows anyone to reconstruct over 2,400 original TypeScript files, detailing exactly how the platform processes user biometrics and files reports to federal agencies.
Key allegation: WatchlistDB
The researchers claim that OpenAI’s identity verification is not a simple “safety check” but a sophisticated screening engine that has been operational since November 2023. Notable findings include:
- WatchlistDB: A dedicated infrastructure (
openai-watchlistdb.withpersona.com) used to screen millions of users monthly. - Suspicious Entity Detection: Internal code references to
SelfieSuspiciousEntityDetection, an AI model that flags faces as “suspicious” without user disclosure. - Public figure matching: Alleged automated checks that compare user selfies against a database of world leaders and their families to assign “similarity scores.”
The federal pipeline: Project SHADOW & ONYX
Perhaps the most controversial discovery is the “Direct File” capability built into the Persona dashboard. The code reportedly contains a module for filing Suspicious Activity Reports (SARs) directly to the U.S. Treasury (FinCEN) and FINTRAC in Canada.
“The form lets filers tag their reports as related to specific intelligence operations by name… Project ANTON, Project LEGION, Project SHADOW. They are hardcoded in the dropdown.”
The report also highlights a new subdomain, onyx.withpersona-gov.com, which appeared just 12 days ago. This matches the name of Fivecast ONYX, an AI surveillance tool purchased by ICE for $4.2 million to build digital footprints and track “violent tendencies.”
The leaked source maps allegedly reveal that Persona performs 269 distinct checks during a single verification. These include:
| Category | Check Details |
|---|---|
| Biometrics | Liveness detection, spoof risk, and Public Figure matching. |
| Metadata | PDF annotation detection, JPEG original image verification. |
| External | AAMVA lookup (Driver’s Licenses), SSA Death Master File matching. |
| Crypto | Risk scoring for wallets via Chainalysis and TRM Labs. |
The researchers argue that this infrastructure creates a massive legal exposure under the Illinois Biometric Information Privacy Act (BIPA). While companies claim 1-year data retention, the leaked code allegedly shows 3-year retention for biometric face lists, and “permanent” storage for government ID photos.
The researchers’ warning:
“If someone asks you to take a selfie to prove you’re human, ask yourself who’s on the other side of that camera, and what list you just landed on. Knowledge is the only real currency.”
