
On June 5, 404 Media reported that attackers used Meta's AI customer support agent to steal Instagram accounts by asking the agent to link accounts to email addresses they controlled. One attacker broke into the dormant Obama White House account and made pro-Iran posts; others took over accounts with valuable, single-word handles, possibly to sell them.
The hack exploited a fundamental weakness in AI agents (AI systems that take autonomous actions to complete tasks): unlike humans, they can be tricked into performing sensitive operations without proper verification, such as changing account email addresses without security questions. The attackers only needed a VPN matching the true account owner's location before directly requesting the email change.
Experts say the vulnerability should have been caught before deployment through red-teaming (a security practice where developers try to attack a system to discover flaws before release). Neil Gong, a Duke University professor, called it surprising that such a simple problem slipped through at a company with Meta's AI and cybersecurity expertise.
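One way to close the gap described above, as an added example that is not from the article and does not reflect Meta's systems: every tool call the agent proposes passes through an authorization check enforced in code, so a persuasive chat or a matching request location never counts as proof of ownership. The tool names, `StepUpGate` and `dispatch` are hypothetical, and the sample request is constructed.

```python
import hmac
import secrets
import time

# Hypothetical tool names; the article does not describe Meta's internals.
SENSITIVE_TOOLS = {"change_account_email"}

class StepUpGate:
    """Authorization enforced in code, outside the model's control."""
    def __init__(self, ttl_seconds=600):
        self.ttl = ttl_seconds
        self._pending = {}  # account_id -> (one-time code, expiry time)

    def issue_challenge(self, account_id, now=None):
        """Create a code for the contact ALREADY on file, never a chat-supplied one."""
        now = time.time() if now is None else now
        code = secrets.token_hex(4)
        self._pending[account_id] = (code, now + self.ttl)
        return code  # a real system delivers this out-of-band, not to the agent

    def authorize(self, tool, args, proof=None, now=None):
        """Return (allowed, reason). Session signals such as IP region are ignored."""
        now = time.time() if now is None else now
        if tool not in SENSITIVE_TOOLS:
            return True, "non-sensitive"
        if proof is None:
            return False, "step-up verification required"
        # pop(): each challenge allows a single attempt, right or wrong
        code, expiry = self._pending.pop(args.get("account_id"), (None, 0))
        if code is None or now > expiry:
            return False, "no valid challenge"
        if not hmac.compare_digest(code.encode(), str(proof).encode()):
            return False, "proof mismatch"
        return True, "verified"

def dispatch(gate, tool, args, proof=None):
    """Run a tool call proposed by the agent only if the gate allows it."""
    allowed, reason = gate.authorize(tool, args, proof)
    if not allowed:
        return {"status": "denied", "reason": reason}
    return {"status": "executed", "tool": tool}  # real side effect would go here

if __name__ == "__main__":
    gate = StepUpGate()
    # Constructed request: the agent was persuaded in chat, but holds no proof.
    req = {"account_id": "acct-123", "new_email": "new@example.test"}
    print(dispatch(gate, "change_account_email", req))
    code = gate.issue_challenge("acct-123")
    print(dispatch(gate, "change_account_email", req, proof=code))
```

The same gate gives red-team testing a concrete property to check: no conversation, however phrased, should produce an `executed` result for a sensitive tool without a valid proof.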