
When Your AI Customer Service Bot Becomes the Security Hole
Meta's support agent got social-engineered into handing over Instagram accounts, and I'll be honest, this is exactly what some of us warned about years ago.
So here's a question I've been asking since these AI support agents started rolling out: what happens when the attacker just asks nicely?
Turns out we have an answer now. 404 Media reported this week that attackers have been using Meta's AI customer support agent to steal Instagram accounts. The method was almost embarrassingly simple. They asked the bot to link accounts to email addresses they controlled. And the bot did it. One attacker even broke into the dormant Obama White House account and started posting pro-Iran content.
Look, I spent 12 years at Kuka dealing with industrial automation security. Different world, sure. But the principle is the same one we learned the hard way in the 90s: any interface that can take commands is an attack surface. Doesn't matter if it's a PLC on a factory floor or a chatbot handling account recovery.
The Problem Isn't the AI, It's the Permissions
When I was at Kuka, we had a saying (probably borrowed from someone else, I forget who): "Never give a machine authority you wouldn't give an intern." These AI agents have been given the keys to account management without, apparently, the kind of verification steps you'd expect from a human support rep.
The thing that gets me is this wasn't some sophisticated attack. No zero-days, no malware, no compromised credentials. Just social engineering. Against a bot. Which, in a way, makes it worse. We've known about social engineering since Kevin Mitnick was making phone companies look foolish. The fact that we're now training AI systems that are vulnerable to the same tricks humans fall for (maybe more so, because they're designed to be helpful) is, well, it's something.
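One way to apply the "intern" rule to an agent, as an added example that is not from the article and is not Meta's code: the model may ask for a sensitive action, but a separate policy layer only runs it after a one-time code sent to the contact already on file comes back. The class `ActionGate`, the action names, the `contacts` mapping and the `deliver` callback are all hypothetical.

```python
import hashlib, hmac, secrets, time

# All names here are hypothetical; sample accounts in any caller are constructed.
SENSITIVE = {"link_email", "reset_password"}  # actions that transfer account control
TTL = 600  # seconds a challenge stays valid

def _digest(code):
    return hashlib.sha256(code.encode()).hexdigest()

class ActionGate:
    """Policy layer between the model's tool calls and the account backend."""

    def __init__(self, contacts, deliver):
        self.contacts = contacts  # account_id -> contact already on file
        self.deliver = deliver    # callable(contact, code): out-of-band channel
        self.pending = {}         # account_id -> (code_hash, expiry, action, args)
        self.executed = []        # stand-in for the real backend call

    def request(self, account_id, action, args, now=None):
        """Runs for every tool call the model emits; the model cannot skip it."""
        now = time.time() if now is None else now
        if action not in SENSITIVE:
            self.executed.append((account_id, action, dict(args)))
            return "executed"
        contact = self.contacts.get(account_id)
        if contact is None:
            return "escalate_to_human"  # no trusted channel, so no automation
        code = f"{secrets.randbelow(10**6):06d}"
        # Bind the code to this exact action and these exact arguments.
        self.pending[account_id] = (_digest(code), now + TTL, action, dict(args))
        self.deliver(contact, code)  # goes to the owner, never into the chat
        return "challenge_sent"

    def confirm(self, account_id, action, args, code, now=None):
        now = time.time() if now is None else now
        entry = self.pending.pop(account_id, None)  # single use, pass or fail
        if entry is None:
            return "denied"
        code_hash, expiry, p_action, p_args = entry
        ok = (now <= expiry and p_action == action and p_args == dict(args)
              and hmac.compare_digest(code_hash, _digest(code)))
        if ok:
            self.executed.append((account_id, action, p_args))
        return "executed" if ok else "denied"
```

Nothing the requester types in the chat can change where the code is delivered or which arguments it authorizes, so a persuasive conversation alone never reaches the backend.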


