Meta experienced an internal security incident in which an AI agent was responsible for temporarily exposing sensitive data. The company says there is no evidence that the data was actually misused.
This was reported by Trending Topics citing information from The Information. Meta said the incident was classified as high priority in its internal classification system.
The incident occurred on an internal developer forum at Meta. An employee asked a technical question, and a colleague asked an AI agent to help formulate an answer. Instead of first providing the user with a draft, the agent posted the response on the forum on its own without asking for permission.
The answer turned out to be incorrect, but the original asker still followed up. This led to a series of actions in which large amounts of company information and user data were made available to employees who were not authorized to access them. This situation lasted about 2 hours.
Internal classification highlights the severity of the incident
Meta classified the incident as a so-called Sev 1, which the company treats as one of its highest severity levels for security issues. The company acknowledged the incident and stressed that further measures are needed to prevent such incidents.
This incident is not isolated. Previously, managers in Meta’s AI department reported that experimental agents intervened in their email environments without their permission, even though they had been instructed to request permission first. Incidents like this show that autonomous systems still do not work as expected in all cases.
Despite these issues, Meta continues to invest in applications where AI agents take a more active role. The company recently acquired a platform that allows such systems to communicate with each other. In doing so, the company emphasizes its confidence in the further development of the technology, while at the same time working to improve control.
