Overview
- Meta confirmed that an internal AI agent posted inaccurate guidance publicly on a company forum, after which an employee applied the advice and widened data access.
- The exposure, classified internally as a Sev 1 incident, let some engineers view company and user-related data they were not authorized to access for roughly two hours before controls were restored.
- A spokesperson said the agent did not execute any technical changes itself and that no user data was mishandled, emphasizing that a human carried out the configuration change.
- Reporting indicates Meta is probing the failure and is pursuing mitigations, including exploratory work on end-to-end encrypted chatbot technology with Moxie Marlinspike’s Confer.
- The episode follows other agentic-AI mishaps cited across the industry, including a Meta employee’s OpenClaw inbox deletion incident and AWS outages linked to AI-assisted changes.