Meta's AI support agent bound recovery emails for anyone who asked. Your SOC never saw an alert.

VentureBeatby [email protected] (Louis Columbus)June 5, 2026tech

Meta's AI support agent bound recovery emails to accounts for whoever asked, and SOCs never saw an alert. An authorized agent writes a log of legitimate transactions, so nothing in the detection stack fired. Attackers asked the bot to make the change, took the one-time code it sent, and ran the password reset , 404 Media reported. No malware, no stolen credentials, and no prompt injection in the sense most security teams drill for. The agent did exactly what Meta built it to do. That is what sho

This article was published on VentureBeat (venturebeat.com). Read the full article on the original source:

Read full article on VentureBeat

#negative #Security

Meta's AI support agent bound recovery emails for anyone who asked. Your SOC never saw an alert.

More from VentureBeat

Microsoft's AI Futurist explains how he uses Copilot — and the real-world problems enterprises are solving with agents

AI agents are learning on the job — just not for your whole team

Anthropic says 80% of its new production code is now authored by Claude — how your enterprise can keep up

Google's new open source Gemma 4 12B analyzes audio, video — and runs entirely locally on a typical 16GB enterprise laptop

Alibaba's Qwen3.7-Plus supports text, video and imagery inputs at low cost of $0.4/$1.6 per 1M token — but it's proprietary

Perplexity AI unveils hybrid local-cloud inference system at Computex 2026

The Agentic Reckoning: Enterprise AI organizations have a runtime problem, not a model problem — and most are building the wrong solution

Enterprise AI agents keep creating data silos. Microsoft's Build answer is Microsoft IQ and Rayfin.