Physical Address
304 North Cardinal St.
Dorchester Center, MA 02124
An AI agent went rogue at Meta and exposed sensitive company and user data to employees who did not have permission to access it.
According to an incident report, which was viewed and reported by The informationA Meta employee posted on an internal forum asking for help with a technical question, which is a standard action. However, another engineer asked an AI agent to help him analyze the question, and the agent ended up posting an answer without asking the engineer for permission to share it. Meta confirmed the incident to The Information.
It turns out that the AI agent did not give good advice. The employee who asked the question ended up taking actions based on the agent’s guidance, inadvertently making massive amounts of business- and user-related data available to engineers, who were not authorized to access it, for two hours.
Meta deemed the incident “Sev 1,” which is the second-highest level of severity in the company’s internal system for measuring security issues.
Rogue AI agents have already posed a problem in Meta. Summer Yue, Director of Security and Alignment at Meta Superintelligence, posted on X last month describing how her OpenClaw agent ended up deleting her entire inbox, even though she asked him to confirm with her before taking any action.
Still, Meta seems optimistic about the potential of agent AI. Last week, Meta bought Moltbooka social media site similar to Reddit for OpenClaw agents to communicate with each other.
