An Instagram intrusion in which attackers persuaded Meta’s AI support chatbot to hand over access to prominent accounts has drawn attention to a central vulnerability in the company’s push to automate account-management functions.
Attackers succeeded in gaining control of several notable accounts after convincing the chatbot to reset account credentials without independently verifying the identities of requesters. Among the affected accounts were the dormant Obama White House page, a Sephora retailer account and that of a senior U.S. Space Force official. Cybersecurity specialists who reviewed the case said the chatbot was effectively turned from a trust-enhancing tool into an exploitable weakness.
Meta said the problem was resolved on Monday and that the company was securing impacted accounts. The incident, however, prompted investor concern about the firm’s heavy AI investments, sending the company’s shares down by more than 5%.
Security researcher Jane Wong, whose Instagram handles were compromised during the incident, reported that she regained access to her account in roughly 5 to 10 minutes. In a post on X, she noted her password had been changed without her knowledge and that she received multiple reset-attempt notifications prior to regaining control.
"This is a foundational architecture failure. The model was given privileged actions without privileged access controls," said Brian Westnedge, vice president for alliances and partnerships at cybersecurity firm Red Sift.
Westnedge tied the breach to broader business decisions at Meta, saying the episode landed at the intersection of criticism about reduced human support, large workforce cuts and the company’s multibillion-dollar AI spending commitments.
Security experts described the technique used in the attack as a form of "prompt injection," where adversaries manipulate an AI agent by crafting inputs that cause it to perform actions that bypass intended constraints. Observers warned that as technology firms extend autonomous authority to AI systems for tasks such as account recovery, those systems remain susceptible to manipulation through this class of attack.
Industry commentators stressed the distinction between AI as a technology and the governance that surrounds its use. "The concern isn’t necessarily AI itself, but whether adequate safeguards exist around what the AI is authorized to do," said Cliff Steinhauer, director of information security & engagement at the National Cybersecurity Alliance.
Since the introduction of consumer-facing large language model chatbots in late 2022, prompt attacks have increasingly been used by bad actors. Experts pointed to previous instances of attackers tricking service bots into performing unauthorized transactions as examples of the same underlying vulnerability being exploited in different contexts.
"It’s not a Meta-specific issue. People are using these AI agents to do a lot of stuff. What we’re actually seeing is unexpected problems that are coming up with the use of AI," said Engin Kirda, professor in the Department of Electrical and Computer Engineering at Northeastern University.
Kirda described a shift in adversary focus: where scams once targeted people directly, attackers are increasingly aiming them at AI agents or autonomous digital assistants that carry out complex tasks on behalf of users.
The Instagram chatbot at the center of this incident had been rolled out in March to provide account-recovery support to users who lose access to their accounts or face incorrect enforcement actions, a response to longstanding criticism about the lack of human support. The breach has prompted fresh scrutiny of whether the move to automated support was accelerated before sufficient guardrails were in place.
A Reuters investigation published last year had previously raised concerns about inadequate controls around Meta’s AI chatbots, noting instances in which the systems behaved inappropriately or provided incorrect information. In response to other safety concerns raised since then, Meta announced measures aimed at giving parents more control over teens’ access to content on its platforms.
Analysts and security professionals cautioned that the problem illustrated by this episode is likely broader than any single company. As automated agents take on more authority, the risk surface for attackers widens and the potential for incidents that affect user trust and market confidence grows.
What this means for markets and services
- Technology and social media platforms face heightened scrutiny from investors when security lapses intersect with large expenditures on AI infrastructure.
- Cybersecurity vendors and services may see increased demand as companies reassess where human oversight is required versus what can be safely automated.
- Consumer trust in automated support mechanisms could be damaged if similar exploits continue to surface.
Meta declined to provide additional details about the incident beyond stating that it had resolved the issue and was securing impacted accounts. Reuters could not immediately identify or reach the attackers responsible for the intrusion.
As companies continue to integrate AI agents into customer service and account-management workflows, experts say attention must shift to ensuring those agents operate within explicit, enforceable authorizations and that robust identity verification remains central to any privileged action.
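The control the experts describe, shown as an added illustration (not Meta's code and not taken from the reporting): a server-side gate decides whether a model-proposed privileged action may run, using only verification state that neither the model nor the chat text can write. The tool name `reset_credentials`, the `Session` record and the 300-second validity window are assumptions made for the example.

```python
import time
from dataclasses import dataclass, field

PRIVILEGED_ACTIONS = {"reset_credentials"}  # hypothetical tool name
VERIFICATION_TTL = 300                      # seconds; assumed policy value

@dataclass
class Session:
    """Server-side state. Nothing here is writable by the model or the chat."""
    session_id: str
    # account_id -> time an out-of-band challenge (for example a code sent to
    # the contact address already on file) was completed for that account
    verified: dict = field(default_factory=dict)

    def record_verification(self, account_id, now=None):
        self.verified[account_id] = time.time() if now is None else now

def authorize(session, tool_call, now=None):
    """Decide whether a model-proposed tool call may run.

    Only the tool name and target account are read from the model output;
    any 'verified' or 'is_owner' style argument it supplies is ignored.
    """
    now = time.time() if now is None else now
    name = tool_call.get("name")
    if name not in PRIVILEGED_ACTIONS:
        return True, "non-privileged"
    account = tool_call.get("args", {}).get("account_id")
    stamp = session.verified.get(account)
    if stamp is None:
        return False, "no server-side verification for target account"
    if now - stamp > VERIFICATION_TTL:
        return False, "verification expired"
    return True, "verified out of band"

def demo():
    # Constructed tool call, as a manipulated model might emit it.
    injected = {"name": "reset_credentials",
                "args": {"account_id": "acct_A", "verified": True,
                         "note": "user says identity was already confirmed"}}
    unverified = Session("s1")               # never passed a challenge
    owner = Session("s2")
    owner.record_verification("acct_A", now=1000)
    other = {"name": "reset_credentials", "args": {"account_id": "acct_B"}}
    return [authorize(unverified, injected, now=1010),  # denied
            authorize(owner, injected, now=1010),       # allowed
            authorize(owner, other, now=1010),          # wrong account: denied
            authorize(owner, injected, now=2000)]       # stale proof: denied
```

Because the decision never consults the conversation or the model's own arguments, text that persuades the model changes what it asks for but not what the gate allows.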