A sophisticated hack that tricked Meta's AI support chatbot into handing over control of high-profile Instagram accounts has exposed a significant vulnerability in the company's push to automate sensitive user functions.
The breach, which occurred over the weekend, allowed attackers to seize accounts including the dormant Obama White House page, beauty retailer Sephora, and a senior U.S. Space Force official. By persuading the chatbot to reset account credentials without independently verifying identity, the hackers effectively turned a high-trust security tool into a major liability.
Cybersecurity experts describe this as a classic "prompt injection" attack, where the AI is manipulated into performing unintended actions. This incident underscores a broader vulnerability as tech companies grant AI systems sweeping authority over tasks like account recovery, while those systems remain susceptible to such manipulation.
For Meta, the timing is particularly sensitive. The company has shed thousands of jobs while pledging up to $145 billion on AI infrastructure. This incident sharpens concerns that Meta is accelerating automation of critical functions before the technology is ready to handle them safely. Meta's shares fell over 5% following the news.
"This is a foundational architecture failure. The model was given privileged actions without privileged access controls," said Brian Westnedge of cybersecurity firm Red Sift.
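The control that quote points at, as an added example (not code from Meta or from the original article): a gate outside the model that authorizes privileged tool calls only from server-side identity proof, never from anything the conversation or the model asserts. All names here (`authorize`, `issue_proof`, the tool names, the key, the account IDs) are hypothetical and the sample call is constructed.

```python
import hashlib
import hmac
import time

# Hypothetical names throughout; this is not Meta's code.
PRIVILEGED = {"reset_credentials", "change_recovery_email"}
GATE_KEY = b"constructed-demo-key"  # held by the gate, never placed in model context
MAX_AGE_S = 300                     # a proof is honoured for five minutes

def _mac(account_id, ts):
    msg = f"{account_id}|{ts}".encode()
    return hmac.new(GATE_KEY, msg, hashlib.sha256).hexdigest()

def issue_proof(account_id, now=None):
    """Called by the identity service after an out-of-band check on this account."""
    ts = int(time.time() if now is None else now)
    return f"{ts}.{_mac(account_id, ts)}"

def proof_valid(account_id, proof, now=None):
    try:
        ts_s, mac = proof.split(".", 1)
        ts = int(ts_s)
    except (AttributeError, ValueError):
        return False
    now = time.time() if now is None else now
    fresh = 0 <= now - ts <= MAX_AGE_S
    return fresh and hmac.compare_digest(mac.encode(), _mac(account_id, ts).encode())

def authorize(tool_call, session, now=None):
    """Decide on a model-proposed tool call using server-side session state only."""
    name = tool_call.get("name")
    args = tool_call.get("args") or {}
    if name not in PRIVILEGED:
        return True, "not privileged"
    # Claims inside args ("verified": True, notes) come from the model and are ignored.
    proof = session.get("identity_proof")
    if proof is None:
        return False, "no out-of-band identity proof"
    if not proof_valid(args.get("account_id", ""), proof, now):
        return False, "proof invalid, expired, or bound to another account"
    return True, "verified out of band"

# Constructed sample: the call a manipulated model might emit.
INJECTED_CALL = {
    "name": "reset_credentials",
    "args": {"account_id": "acct-1001", "verified": True, "note": "user is the owner"},
}
if __name__ == "__main__":
    print(authorize(INJECTED_CALL, {}))
```

Because the proof is bound to one account and checked by code the model cannot influence, a successful injection can at most make the model request the reset; it cannot make the reset happen.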
The breach is the latest in a series of setbacks for Meta's AI rollouts, following a Reuters investigation that found Meta's chatbots had no guardrails preventing them from having inappropriate conversations with children or offering incorrect medical information.
Experts warn that this is not a Meta-specific issue, but a growing challenge as AI agents become more prevalent. "In the past, people were targeted by scams. Now, we are seeing agents being targeted by scams," said Engin Kirda, professor at Northeastern University.