AIToday

Meta's Instagram account hijacking exposed authorization failures in AI agents, not just authentication weaknesses.

Hacker News · 2d ago · 2 min read
3 Key Points

  1. In early June, attackers hijacked Instagram accounts by using a VPN to spoof location, then tricked Meta's experimental AI chatbot into adding a new email address to the victim's account and sending verification codes, allowing the attacker to reset the password and gain control.

  2. The core problem was authorization — what the AI agent was permitted to do — rather than authentication (verifying who the user is). Meta's chatbot lacked guardrails to prevent it from performing account-takeover-equivalent actions such as modifying a user's primary email without verification from the original address.

  3. The incident reflects a broader pattern: AI agents are being granted broad access to perform helpful actions without proper authorization frameworks. Similar incidents in 2024 included an AI agent tricked into sending $47,000 in crypto and a Lenovo chatbot manipulated into exposing session cookies.
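
The guardrail that point 2 says was missing, sketched as an added example (not code from Meta or from the article): a policy check that runs outside the model before any tool call and requires a one-time code delivered to the address already on file for takeover-equivalent actions. The tool names, the `StepUp` class and the sample addresses are hypothetical.

```python
import hmac
import secrets
from dataclasses import dataclass, field

# Hypothetical tool names: anything that changes how an account is recovered.
TAKEOVER_EQUIVALENT = {"add_email", "change_primary_email", "reset_password"}

@dataclass
class Account:
    user_id: str
    primary_email: str
    emails: set = field(default_factory=set)

class StepUp:
    """One-time codes bound to (user, tool, args), sent only to the existing address."""
    def __init__(self):
        self._pending = {}
        self.outbox = []  # stands in for the mail system (constructed for the example)

    @staticmethod
    def _key(account, tool, args):
        return (account.user_id, tool, repr(sorted(args.items())))

    def challenge(self, account, tool, args):
        code = secrets.token_hex(4)
        self._pending[self._key(account, tool, args)] = code
        self.outbox.append((account.primary_email, code))

    def verify(self, account, tool, args, code):
        expected = self._pending.pop(self._key(account, tool, args), None)  # single use
        return expected is not None and hmac.compare_digest(expected, code)

def authorize_tool_call(account, tool, args, stepup, code=None):
    """Decided by the platform, never by what the chat transcript claims."""
    if tool not in TAKEOVER_EQUIVALENT:
        return "allow"
    if code is not None and stepup.verify(account, tool, args, code):
        return "allow"
    stepup.challenge(account, tool, args)
    return "challenge_sent_to_existing_address"

def run_tool(account, tool, args, stepup, code=None):
    decision = authorize_tool_call(account, tool, args, stepup, code)
    if decision == "allow" and tool == "add_email":
        account.emails.add(args["email"])
    return decision
```

Because the code is bound to the exact tool and arguments, a code obtained for one request cannot be replayed to authorize a different address.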
