
Can AI Agents Be Trusted? Rogue AI's Advice Triggers Security Alert at Meta

Thanks to a rogue AI agent, a response that was meant to be viewed by one engineer got posted to an internal forum without consent. Another employee acted on it and ended up exposing data.

By Jibin Joseph, Contributor

(Credit: Samuel Boivin/NurPhoto via Getty Images)

Yet another incident has raised questions around the readiness of AI tools for the real world. As reported by The Information, Meta employees had access to sensitive company and user data for about two hours last week after an engineer followed instructions from an AI agent.

The incident happened after a Meta employee posted a technical question in the company’s internal forum, and one of its engineers turned to an AI agent for help. The proprietary AI agent was similar in nature to OpenClaw, a Meta spokesperson tells PCMag.

After the AI agent analyzed the question, it was only supposed to present its response to the engineer. However, it went rogue and posted the answer to the internal forum without the engineer's consent. What’s worse is that the rogue AI’s response was inaccurate. A separate employee followed its advice and exposed a large amount of company and user data to unauthorized workers for up to two hours.

Internally, this data exposure was assigned an “SEV1” rating, the second-highest severity level at Meta. However, “no user data was mishandled” during the incident, and the rogue AI agent didn’t take any technical measures beyond providing inaccurate advice, Meta says.

If the engineer who acted on the AI’s advice had used better judgment, the incident could have been avoided, the company added.

“The employee interacting with the system was fully aware that they were communicating with an automated bot. This was indicated by a disclaimer noted in the footer and by the employee’s own reply on that thread,” Meta says. “Had the engineer that acted on that known better, or did other checks, this would have been avoided.”

This is the second security incident involving AI agents at Meta in recent times. Last month, Meta AI researcher Summer Sue’s emails were wiped out by OpenClaw without permission.

About Our Expert

Jibin Joseph

Contributor

Jibin is a tech news writer based out of Ahmedabad, India. Previously, he served as the editor of iGeeksBlog and is a self-proclaimed tech enthusiast who loves breaking down complex information for a broader audience.