
A massive data exposure has allegedly pulled back the curtain on a secret surveillance pipeline linking OpenAI, the identity provider Persona, and the U.S. Federal Government.
Is ChatGPT spying for the feds?
According to a report published by researchers vmfunc, MDL, and Dziurwa, the identity verification firm Persona accidentally exposed its entire internal codebase via unprotected source maps on a government-authorized server (withpersona-gov.com).
> be nerds
> look into persona (used by discord)
> kyc (know your customer) service
> used for age verification
> search on internet (shodan)
> find weird server
> image 1
> openai-watchlistdb.withpersona
> openai-watchlistdb-testing.withpersona
> lolwtf
> look inside
> supposed… pic.twitter.com/3Cdl3vSxAg
— vx-underground (@vxunderground) February 18, 2026
The exposure—found on a FedRAMP-authorized endpoint—reportedly allows anyone to reconstruct over 2,400 original TypeScript files, detailing exactly how the platform processes user biometrics and files reports to federal agencies.
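A pre-deploy check for exactly the failure described above, as an added example that is not from the researchers' report or from Persona's code: it walks a build output directory and flags any published .map that embeds `sourcesContent` (the original TypeScript verbatim) and any bundle whose `sourceMappingURL` comment tells visitors where that map lives. The sample build it constructs (file names, the one-line TypeScript snippet) is made up for the demo.

```python
import json
import os
import re
import tempfile

# Trailing comment that bundlers (tsc, webpack, esbuild) append to point a bundle at its map.
SOURCEMAP_COMMENT = re.compile(r"//[#@]\s*sourceMappingURL=(\S+)")


def audit_build_dir(build_dir):
    """Return {relative path: reason} for every artefact that would hand out source.

    A published .map whose "sourcesContent" embeds the original TypeScript leaks the
    codebase verbatim; a bundle whose sourceMappingURL comment names that map tells
    every visitor where to fetch it. A clean production deploy ships neither."""
    findings = {}
    for root, _dirs, files in os.walk(build_dir):
        for name in files:
            path = os.path.join(root, name)
            rel = os.path.relpath(path, build_dir)
            if name.endswith(".map"):
                with open(path, encoding="utf-8") as fh:
                    smap = json.load(fh)
                if smap.get("sourcesContent"):
                    findings[rel] = f"embeds original source for {len(smap['sourcesContent'])} file(s)"
                else:  # even without content, the map reveals internal file names and layout
                    findings[rel] = f"exposes {len(smap.get('sources', []))} source path(s)"
            elif name.endswith((".js", ".mjs")):
                with open(path, encoding="utf-8", errors="replace") as fh:
                    tail = fh.read()[-4096:]  # the comment sits at the end of the bundle
                match = SOURCEMAP_COMMENT.search(tail)
                if match:
                    findings[rel] = f"bundle points at map {match.group(1)}"
    return findings


def make_sample_build():
    """Constructed sample, not a real deploy: one leaky bundle + map, one clean bundle."""
    build_dir = tempfile.mkdtemp(prefix="build-")
    smap = {"version": 3, "sources": ["src/verify.ts"], "mappings": "AAAA",
            "sourcesContent": ["export const threshold = 0.8;\n"]}
    with open(os.path.join(build_dir, "app.js.map"), "w", encoding="utf-8") as fh:
        json.dump(smap, fh)
    with open(os.path.join(build_dir, "app.js"), "w", encoding="utf-8") as fh:
        fh.write("const threshold=.8;\n//# sourceMappingURL=app.js.map\n")
    with open(os.path.join(build_dir, "vendor.js"), "w", encoding="utf-8") as fh:
        fh.write("console.log('no map here');\n")
    return build_dir
```

Run `audit_build_dir(make_sample_build())` to see the two findings for the constructed sample; pointing it at a real `dist/` directory in CI and failing the build on any non-empty result is the intended use.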
Key allegation: WatchlistDB
The researchers claim that OpenAI’s identity verification is not a simple “safety check” but a sophisticated screening engine that has been operational since November 2023. Notable findings include:
- WatchlistDB: A dedicated infrastructure (openai-watchlistdb.withpersona.com) used to screen millions of users monthly.
- Suspicious Entity Detection: Internal code references to SelfieSuspiciousEntityDetection, an AI model that flags faces as “suspicious” without user disclosure.
- Public figure matching: Alleged automated checks that compare user selfies against a database of world leaders and their families to assign “similarity scores.”
The federal pipeline: Project SHADOW & ONYX
Perhaps the most controversial discovery is the “Direct File” capability built into the Persona dashboard. The code reportedly contains a module for filing Suspicious Activity Reports (SARs) directly to the U.S. Treasury (FinCEN) and FINTRAC in Canada.
“The form lets filers tag their reports as related to specific intelligence operations by name… Project ANTON, Project LEGION, Project SHADOW. They are hardcoded in the dropdown.”
The report also highlights a new subdomain, onyx.withpersona-gov.com, which appeared just 12 days ago. This matches the name of Fivecast ONYX, an AI surveillance tool purchased by ICE for $4.2 million to build digital footprints and track “violent tendencies.”
The leaked source maps allegedly reveal that Persona performs 269 distinct checks during a single verification. These include:
| Category | Check Details |
|---|---|
| Biometrics | Liveness detection, spoof risk, and Public Figure matching. |
| Metadata | PDF annotation detection, JPEG original image verification. |
| External | AAMVA lookup (Driver’s Licenses), SSA Death Master File matching. |
| Crypto | Risk scoring for wallets via Chainalysis and TRM Labs. |
The researchers argue that this infrastructure creates a massive legal exposure under the Illinois Biometric Information Privacy Act (BIPA). While companies claim 1-year data retention, the leaked code allegedly shows 3-year retention for biometric face lists, and “permanent” storage for government ID photos.
The researchers’ warning:
“If someone asks you to take a selfie to prove you’re human, ask yourself who’s on the other side of that camera, and what list you just landed on. Knowledge is the only real currency.”