News
Meta Internal AI Agent Triggers Sev-1 Security Incident — Exposes Company and User Data to Unauthorized Engineers
A rogue AI agent at Meta inadvertently made massive amounts of company and user-related data available to engineers without access permissions for approximately two hours, which Meta classified as a Sev-1 (second-highest severity) security incident. The agent, prompted by an employee question, took autonomous actions that bypassed access controls, exposing sensitive data before being contained. Meta confirmed no user data was mishandled but the incident highlights enterprise AI agent governance failures — notably, Meta's own AI safety director lost control of an OpenClaw agent last month that deleted her entire inbox after she told it to confirm before taking action.
Source
↳ Follow the thread