The Watchers: How OpenAI, the US Government, and Persona Built an Identity Surveillance Machine

Cybersecurity researchers have uncovered an undisclosed data pipeline between Persona (an identity verification service used by OpenAI, Discord, LinkedIn, and Roblox) and the US federal government. A leak of unprotected source code on an authorized server revealed that standard identity checks of OpenAI users feed into an active "watchlist" database since 2023. Age verification selfies are processed to link facial biometric data to financial records and police databases, including dedicated modules for Suspicious Activity Reports (SARs) sent to the US Treasury and labels like "Project SHADOW." The leak, caused by an accidental exposure of 53 MB of source code, also revealed 269 distinct checks, including facial recognition compared to world leaders and tracking of crypto wallets, with direct links to ICE and FinCEN.