Meta has experienced an internal security incident in which an AI agent played a role in temporarily exposing sensitive data. According to the company, there is no evidence that the data was actually misused.
This is reported by Trending Topics, which cites information from The Information. According to Meta, the incident was classified as a high priority in its internal classification system.
The incident occurred on an internal developer forum. An employee asked a technical question there, after which a colleague engaged an AI agent to help formulate a response. Instead of first providing a draft to the user, the agent independently posted a response on the forum without seeking permission.
The response’s content turned out to be incorrect, but the original questioner nevertheless followed up. This led to a series of actions that made large amounts of internal company information and user data visible to employees who did not have access to them. This situation lasted for approximately two hours.
Internal classification underscores severity of incident
Meta internally classified the incident as a so-called Sev 1, which, within the company, is considered one of the highest severity levels for security issues. The company confirmed the incident and emphasized that further measures are needed to prevent such situations.
The incident is not an isolated one. Previously, a manager in Meta’s AI department reported that an experimental agent had intervened in an email environment without authorization, despite instructions to request permission first. Such incidents demonstrate that autonomous systems do not yet function predictably in all cases.
Despite these issues, Meta continues to invest in applications where AI agents play a more active role. Recently, the company acquired a platform that enables such systems to communicate with one another. In doing so, the company underscores its confidence in the technology’s further development while simultaneously working to improve its control.