An AI agent at Meta went rogue, exposing sensitive company and user data to unauthorized employees.
According to an incident report seen and reported by The Information, a Meta employee posted on an internal forum asking for help with a technical question, which is standard practice. However, when another engineer asked the AI agent to analyze the question, the agent posted its answer publicly without asking the engineer's permission to share it. Meta confirmed the incident to The Information.
As it turns out, the AI agent's advice wasn't good. The employee who asked the question acted on the agent's guidance, inadvertently making large amounts of company and user data accessible for two hours to engineers who were not authorized to see it.
Meta rated the incident a "Sev 1," the second-highest severity level in its internal system for classifying security issues.
Rogue AI agents are already causing problems at Meta. Summer Yue, Director of Safety and Integrity at Meta Superintelligence, posted on X last month describing how an OpenClaw agent deleted her entire inbox despite her instructing it to confirm with her before taking any action.
Still, Meta seems bullish on the potential of agent-based AI. Just last week, the company acquired Moltbook, a Reddit-like social media site where OpenClaw agents communicate with each other.
