Contaminated Identities, Broken Onboarding, Zero Oversight

EVANSVILLE, Ind. - May 15, 2026 - PRLog -- Today, independent researcher and AI systems contractor Barbara Roy released a first‑person investigative report detailing systemic failures across the AI data intelligence vendor ecosystem—the hidden layer of companies responsible for supplying human judgment to train, evaluate, and align modern AI systems.

The report, titled "Contaminated Identities, Broken Onboarding, Zero Oversight: A First‑Person Report from Inside the AI Data Intelligence Vendor Pipeline," documents repeated structural breakdowns across multiple vendors, including:

• Contaminated identity systems that expose contractor inboxes, calendars, and internal communications
• Onboarding pipelines that fail before they begin, leaving contractors unable to access required tools or documentation
• Quality control processes that rely on layperson veto power over expert‑level work
• Emerging attempts to normalize the extraction of proprietary IP, including agent traces, prompts, and workflows from prior contracts
• A complete absence of escalation culture, technical oversight, or security standards

"These aren't edge cases," Roy writes. "They're recurring patterns inside an industry that has little internal technical expertise and no standards for security protocols."

Roy's report describes a recent incident in which she was provisioned into another contractor's active inbox—a full identity contamination event that, in any regulated industry, would trigger an immediate incident response. Instead, the issue went unaddressed for days, with non‑technical staff misclassifying the exposure as a "naming convention issue."

The only entity that correctly identified the severity of the breach was the vendor's internal AI assistant.

"This is a pattern I've seen across multiple vendors," Roy notes. "The AI understands the system better than the people responsible for running it."

The report (https://catchproof.square.site/s/stories/contaminated-ide...) also highlights a growing and deeply concerning trend: vendors attempting to formalize the acquisition of contractor‑generated data—including traces from autonomous agent frameworks known for exploit behavior—as a legitimate "submission type." These requests are framed as routine tasks, despite the high likelihood that contractors do not have the legal right to share such material.

"This is not framed as IP solicitation," Roy writes. "It is framed as a job. A task. A contribution. A normal part of the pipeline. But the effect is the same."

A Wake‑Up Call for the AI Industry

Roy's findings raise urgent questions for companies relying on AI data intelligence vendors for model evaluation, safety testing, red‑teaming, and alignment work. According to the report, organizations may be unknowingly depending on systems that lack:

• identity isolation
• access control
• qualified reviewers
• secure pipelines
• auditability
• governance
• escalation paths

About the Author

Barbara Roy is a senior content designer, technical systems analyst/architect, and investigative writer specializing in AI systems literacy. She has worked across multiple AI data intelligence vendors and publishes independent research through her platform, Catchproof, which focuses on consumer protection and systemic risk in emerging technology.