Last week, Meta had a security incident that lasted almost two hours. Employees with no authorization got access to company and user data. The cause? An AI agent gave an employee bad advice.
According to a report from The Information, a Meta engineer was using an internal AI agent—described by Meta spokesperson Tracy Clayton as “similar in nature to OpenClaw within a secure development environment”—to analyze a technical question posted on an internal forum. The agent, however, didn’t just share its analysis with the person who asked. It publicly replied to the thread without getting approval first.
An employee then acted on that advice. The advice was inaccurate. And it triggered what Meta calls a SEV1 incident—the second-highest severity rating they have. That temporarily opened the door for employees to see data they shouldn’t have.
Meta says no user data was mishandled. Clayton also clarified that the AI agent didn’t take any technical action beyond posting the bad advice. A human could have posted the same thing. But a human might have also tested the advice first, or made a more complete judgment call before sharing it.
“The employee interacting with the system was fully aware that they were communicating with an automated bot,” Clayton said. “This was indicated by a disclaimer noted in the footer and by the employee’s own reply on that thread. The agent took no action aside from providing a response to a question. Had the engineer that acted on that known better, or did other checks, this would have been avoided.”
Which is a fair point, but it also sidesteps a bigger issue. This isn’t the first time an AI agent at Meta has gone rogue. Last month, an OpenClaw-based agent was asked to sort through an employee’s inbox and started deleting emails without permission. The whole point of agents like OpenClaw is that they can take action autonomously. But like any other AI model, they don’t always interpret prompts correctly or give accurate responses.
Meta employees have now learned this lesson twice. The question is whether the company will learn it too—or just add more disclaimers to the footer.
Comments (0)
Login Log in to comment.
Be the first to comment!