a high-trust security tool into a major weakness, cybersecurity experts told Reuters. The episode underscored a broader vulnerability: tech companies hand AI systems sweeping authority over tasks such as account recovery, even as those systems remain susceptible to manipulation through a class of attack known as “prompt injection”, experts said. For Meta, the stumble comes at a sensitive time. The social media giant has doubled down on AI, shedding thousands of jobs while pledging up to $145 billion on AI infrastructure. This incident could sharpen concerns that the company was accelerating automation of critical functions before the technology was ready to handle them safely. Meta said on Monday the issue was resolved and it was securing impacted accounts, but the incident jolted investors already worried about the company’s hefty AI spending, sending its shares down more than 5 per cent. The company declined to share more details. Reuters could not immediately identify or reach the hackers. Jane Wong, a security researcher and former Meta employee whose Instagram handles were compromised, told Reuters it took about five to 10 minutes to reinstate her account. She said in a post on X that her password was changed without her knowledge and that she had received multiple reset request attempts. “This is a foundational architecture failure. The model was given privileged actions without privileged access controls,” said Brian Westnedge, vice president for alliances and partnerships at cybersecurity firm Red Sift. “Meta has faced sustained criticism over its lack of human support, has made large workforce cuts, and is spending billions on AI. This incident lands squarely in the middle of all three.” Hack fans worry about AI use in safety Unidentified hackers carried out the attack over the weekend, locking users out of their accounts and prompting a wave of complaints on platforms including X and Reddit. First reported by online news website 404 Media on Monday, the hack marks the latest setback for Meta in its efforts to roll out AI across its products. The company rolled out the support chatbot in March to address a longstanding issue: the lack of human support for users who lose access to their accounts or face erroneous penalties. A Reuters investigation in August found that Meta had no guardrails in place to prevent its AI chatbots from having “sensual” conversations with kids, offering incorrect medical information or claiming to be real people. Since then, the company has announced that it would give parents of teens greater control to prevent younger users from accessing inappropriate content on its platforms. Analysts and experts said the problem was not limited to Meta, warning that more such exploits were likely as hackers weaponize AI. “The concern isn’t necessarily AI itself, but whether adequate safeguards exist around what the AI is authorized to do,” said Cliff Steinhauer, director of information security & engagement at the National Cybersecurity Alliance. Since ChatGPT’s late 2022 launch spurred a rush to deploy AI chatbots, hackers have been exploiting prompt-based attacks. In one such instance, the attacker tricked a Chevrolet dealership’s bot into selling a Tahoe SUV for $1. “It’s not a Meta-specific issue. People are using these AI agents for a lot of things. What we’re actually seeing is unexpected problems that are coming up with the use of AI,” said Engin Kirda, professor at the Department of Electrical and Computer Engineering at Northeastern University. “In the past, people were targeted by scams. Now, we are seeing agents being targeted by scams,” he said, referring to AI agents or autonomous digital assistants that are enabled to perform complex tasks. Reporting by Deborah Sophia and Jaspreet Singh in Bengaluru. Writing by Aditya Soni. Editing by Sayantani Ghosh and Arun Koyyur. All courtesy of Reuters. Further reading: Sephora, LVMH face probe over marketing to children