
Add Meta to the list of companies destroying their internal systems with AI. An AI agent working on behalf of an engineer reportedly issued instructions that resulted in sensitive user data being exposed to people who were not authorized to see it.
As is often the case in these situations, as with the AI agent that removed critical code and knocked a server offline at Amazon, the autopsy reads like a comedy of errors. Per The Information, it started when a Meta employee asked a technical question on an internal forum where employees help each other when problems arise. An engineer saw the question and asked an AI agent to analyze it, which resulted in the agent actually sending the answer as the engineer. The original poster saw the answer and decided to act on it, thinking it came from a Meta employee.
It turns out that the AI agent didn’t quite know what it was talking about. Acting on its advice, the employee reportedly released a large amount of information, including sensitive company and user information, to Meta employees who were not authorized to view or access it. The exposure lasted about two hours before detection.
It’s not the first time someone at Meta has put a little too much faith in an AI agent. Earlier this year, Summer Yue, director of security and compliance at Meta’s super intelligence lab, provided inbox access to the open-source AI agent OpenClaw. It proceeded to delete all her emails while she begged it to stop.
Perhaps that’s why Meta is looking outside its walls to find someone to help with security. Wired reports that Moxie Marlinspike, the man behind Signal and its open-source encryption protocol, is working with Meta to bring end-to-end encryption to AI chatbots.
Marlinspike is working on an encrypted chatbot called Confer, which will reportedly help Meta integrate the technology into its AI offerings — though its platform will continue to operate independently, so it doesn’t look like it will join the company.
“We use LLMs for the kind of unfiltered thinking that we can do in a personal journal—except that journal is an API endpoint to a data pipeline specifically designed to extract meaning and context,” he wrote in a blog post. “As Meta builds more AI products beyond the mainstream conversational paradigm, Confer’s privacy technology will be part of the foundation for everything to come.”




