For almost two hours last week, Meta employees had unauthorized access to company and user data thanks to an AI agent that gave an employee inaccurate technical advice, as previously reported by The Information. Meta spokesperson Tracy Clayton said in a statement to The Verge that âno user data was mishandledâ during the incident.
A Meta engineer was using an internal AI agent, which Clayton described as âsimilar in nature to OpenClaw within a secure development environment,â to analyze a technical question another employee posted on an internal company forum. But the agent also independently publicly replied to the question after analyzing it, without getting approval first. The reply was only meant to be shown to the employee who requested it, not posted publicly.
An employee then acted on the AIâs advice, which âprovided inaccurate informationâ that led to a âSEV1â level security incident, the second-highest severity rating Meta uses. The incident temporarily allowed employees to access sensitive data they were not authorized to view, but the issue has since been resolved.
According to Clayton, the AI agent involved didnât take any technical action itself, beyond posting inaccurate technical advice, something a human could have also done. A human, however, might have done further testing and made a more complete judgment call before sharing the information â and itâs not clear whether the employee who originally prompted the answer planned to post it publicly.
âThe employee interacting with the system was fully aware that they were communicating with an automated bot. This was indicated by a disclaimer noted in the footer and by the employeeâs own reply on that thread,â Clayton commented to The Verge. âThe agent took no action aside from providing a response to a question. Had the engineer that acted on that known better, or did other checks, this would have been avoided.â
Last month, an AI agent from open source platform OpenClaw went more directly rogue at Meta when an employee asked it to sort through emails in her inbox, deleting emails without permission. The whole idea behind agents like OpenClaw is that they can take action on their own, but like any other AI model, they donât always interpret prompts and instructions correctly or give accurate responses, a fact Meta employees have now discovered twice.
Read the full article here
