An AI agent performed malicious acts on Meta, exposing sensitive company and user data to unauthorized employees.
According to an incident report seen and reported by The Information, a Meta employee posted on an internal forum asking for help with a technical question. This is standard action. However, another engineer asked the AI agent to help analyze the question, and the agent ended up posting the answer without asking the engineer for permission to share it. Meta confirmed the incident to The Information.
As it turned out, the AI agent didn’t give good advice. The employee who asked the question ended up taking action based on the agent’s guidance, which inadvertently made a huge amount of company and user-related data available to unauthorized engineers for two hours.
Meta considered this incident a ‘Sev 1’, the second highest severity level in the company’s internal security issue measurement system.
Rogue AI agents have already caused problems in Meta. Summer Yue, head of safety and moderation at Meta Superintelligence, posted to X last month explaining how her OpenClaw agent deleted her entire inbox, despite asking for confirmation before taking action.
Nonetheless, Meta appears optimistic about the potential of agent AI. Last week, Meta acquired Moltbook, a Reddit-like social media site where OpenClaw agents can communicate with each other.
