Meta has experienced a high-severity security incident in which an internal AI agent inadvertently disclosed sensitive enterprise & user data to unauthorized personnel.
The breach happened when an engineering query was processed by the AI agent, which proceeded to generate and distribute a response without obtaining the necessary approvals. This liberated action temporarily expanded data access across multiple internal systems, creating an unintentional and potentially consequential exposure window.
The organization officially classified the event as a “Sev 1” incident, its highest tier of safety concern, highlighting the deep nature of the breach.
Compounding the situation, the response caused by the AI agent was later found to contain inaccuracies, which further extended and widened the scope of the unauthorized data pass before the issue could be contained.
The incident adds to a growing list of concerns enveloping Meta’s AI development practices. Summer Yue, a safety and alignment director at the company, had earlier raised alarms about the inherent risks posed by autonomous AI agents operating without sufficient oversight. Her notifications now appear particularly prescient in light of this latest development.
