A rogue AI agent recently triggered a major security alert at Meta Platforms, by taking action without approval that led to the exposure of sensitive company and user data to Meta employees who didn’t have authorization to access the data.
A Meta spokesperson confirmed the incident, while adding that “no user data was mishandled” as a result of it. The episode underscores the growing risks of giving AI agents access to internal systems.
According to internal Meta communications and an incident report seen by The Information, the episode occurred last week after a Meta software engineer used an in-house agent tool, similar to OpenClaw, to analyze a technical question that another Meta employee had posted on an internal discussion forum. After doing the analysis, the AI agent posted a response in the discussion forum to the original question, offering advice on the technical issue, according to internal communications. The agent did so without approval from the employee.
