Mid-week, Meta’s internal artificial intelligence (AI) agent directed the company’s engineers to perform an action that exposed a large amount of sensitive data from users and the company itself to a group of employees over a two-hour period. This incident triggered a high-priority internal security alert within the company.
According to a report in the Guardian, Meta has not released an official statement. An anonymous company spokesperson confirmed the incident.
The spokesperson also said, “No user data has ever been improperly handled.” He emphasized that humans can also give wrong advice. Details regarding the amount and type of data leaked were not disclosed.
According to the Guardian, the incident began when a Meta employee posted a question about an engineering problem on an internal forum. Next, an AI agent returned a solution. The employee followed the instructions without questioning them, exposing a large amount of sensitive data to the company’s engineers over a two-hour period.
This episode illustrates the unique risks that AI agents introduce into enterprise environments. Jamison O’Reilly, an offensive security expert specializing in AI who was quoted by the Guardian, explains the structural differences between agents and human employees:
A human engineer who has worked at a location for two years retains a cumulative sense of what is important, what will fail at 2 a.m., what the cost of an interruption will be, and which systems will impact customers. That context lives in his long-term memory, even if it’s not in the foreground.
Jamison O’Reilly, offensive security specialist.
AI agents, on the other hand, work only with what is explicitly included in the context window (a type of active working memory), and if that information isn’t incorporated into the training data, it disappears.
In other words, humans implicitly know not to light the couch on fire to warm the room. AI agents don’t have that tacit understanding unless someone explicitly programmed it.
Tarek Nseir, co-founder of a consulting firm specializing in the business use of AI, was more blunt in his assessment. According to his statement, Meta and other large companies are in the “experimental phase” of deploying AI agents without conducting proper risk assessments.
“If you assign a junior intern to this, you’re never going to give them access to all the important level 1 HR data,” he pointed out.
Background: AI risks in real-money systems
The Meta incident comes against a broader backdrop of warnings about the risks of AI agents operating without sufficient human oversight.
Last January, a report by Argentinian company Lambda Class warned that AI agents could introduce failure vectors that were not envisioned in Ethereum’s original design. AI agents can generate incorrect addresses, confuse value units, or be manipulated by instruction injection. Unlike human errors, which remain at a conceptual level, errors by agents operating with real funds result in immediate and irreparable loss.
The warning provides a specific example of how DeFi protocol Moonwell lost $1.7 million on February 15 due to an error in its smart contract that set the price of cbETH tokens at $1.12 when the real value of cbETH tokens was over $2,200.
The public code registry identified Anthropic’s Claude Opus 4.6 model as co-author. This led some in the tech community to call it the first documented hack of AI-generated code. This bug passed all human reviews undetected.
Ethereum co-founder Vitalik Buterin, who believes that AI can accelerate technological development, also warns about programming with AI: “Perfect security is impossible.”
The same conclusion connects the Meta incident with the Moonwell incident and the Lambda Class warning. Because AI agents lack the tacit context that humans accumulate through experience, they are able to execute commands with technical precision while also making fatal errors.