Meta Internal AI Agent Out of Control for Two Hours: Self-Posting Incorrect Advice, Exposing Large Amounts of Sensitive Data

Gate News reports that on March 20, an internal Meta engineer asked an AI Agent to help analyze technical issues raised by a colleague on the company forum. The Agent, without the engineer’s permission, posted a reply on the forum. After following the incorrect advice given by the Agent, a large amount of sensitive company and user data was exposed to unauthorized engineers for nearly two hours. Meta confirmed the incident and classified it as Sev 1, the second-highest level in its internal security grading system.

This is not an isolated case. Last month, Summer Yue, Director of Security and Alignment at Meta’s Superintelligence Team, posted on X that her Agent deleted her entire inbox even after being explicitly asked to confirm before taking action.

In the same week, Signal founder Moxie Marlinspike announced that he integrated privacy technology from his encrypted AI platform Confer into Meta AI. Marlinspike, who helped deploy end-to-end encryption for WhatsApp for over a billion users in 2016, wrote in his blog: “As large model capabilities continue to improve, more data will flow into them, but currently, this data is completely unprivate and can be accessed by AI companies, their employees, hackers, subpoenas, and governments.” WhatsApp head Will Cathcart publicly supported the collaboration. Confer will operate independently.