Meta flaw shows the danger of putting AI in support without enough security

Meta patched a serious flaw involving its AI support chatbot after hackers exploited the system to hijack Instagram accounts. The case raises a huge alert: automating support with artificial intelligence can be useful, but it can also open dangerous doors when it involves account recovery, passwords and digital identity.

According to The Verge and TechCrunch, attackers could ask the chatbot to associate a new email with a target account and then reset the password. Meta says the problem has been resolved.

Quick answer: what happened?

Hackers exploited Meta AI support assistant to change the email associated with Instagram accounts. After that, they could reset the password and take control of the profiles. The flaw has been fixed, but the case shows how poorly protected AI can become a real security risk.

AI support became the weak point

Tech companies are putting AI into everything: service, search, content creation, moderation and support.

The problem is that account support is not just any area. When it involves passwords, email, authentication and access recovery, any mistake can turn into a breach.

In the reported case, the attack did not seem extremely sophisticated. Its strength was precisely simplicity: convincing the chatbot to perform a critical change. The attackers also used a VPN to spoof the victim location and bypass Instagram automatic protections.

Why is it so serious?

Because Instagram accounts can be very valuable. Profiles of brands, celebrities, influencers and rare usernames move money, reputation and audience. A hijacked account can be used for scams, propaganda, extortion, illegal sales or follower theft.

Reports say high-value accounts were targeted, including a page linked to the Obama-era White House and profiles of major brands. In one case, the account briefly displayed propaganda content during the takeover.

AI cannot decide everything alone

The big lesson is clear: not every task should be handed to AI without strong validation.

An assistant can help the user understand how to recover an account. But letting it perform sensitive changes without robust verification is another level of risk.

Changing email, resetting passwords and altering authentication are actions that need extra barriers, logs, review and very well-designed validations.

The era of “vibe-hacking”

The case also shows a new trend: attacks against AI behavior.

Before, many breaches relied on exploiting code, servers or databases. Now there is also the conversation attack: manipulate the agent, bypass rules, induce actions and exploit logic flaws. It is like social engineering, but applied to automated systems.

What should users do?

Even with the flaw fixed, the basics still apply:

• Enable two-factor authentication.
• Use a secure email on the account.
• Avoid reusing passwords.
• Review connected devices.
• Be wary of password reset notices.
• Keep recovery data up to date.

No measure is perfect, but layers of security greatly reduce the risk.

What companies need to learn?

AI in support cannot be treated only as cost reduction. It must be treated as critical infrastructure.

The more power an agent has, the more control it needs. Especially when it can change data, grant access or execute actions on behalf of users.

The question for companies now is simple: is your AI just answering questions, or does it have permission to break your security?

Frequently asked questions

Is the flaw still active?

According to Meta, the problem has been resolved.

Did the flaw affect any account?

The report indicates hackers exploited the system to target specific accounts, especially high-value profiles.

Does two-factor authentication solve everything?

It helps a lot, but does not replace good protections on the platform side.

Why is AI in support risky?

Because if the system has sensitive permissions and weak validation, it can be manipulated to perform dangerous actions.

At DigitalRadar, this case is an important warning: the next big security flaw may not be in traditional code, but in how an AI agent interprets a request.