Inside Meta, Rogue AI Agent Triggers Security Alert, The Information Reports

On Wednesday a rogue AI agent inside Meta set off a major internal security alert after actions that exposed sensitive company and user-related data to employees who were not supposed to have access to it, The Information reported. Meta treated it as a Sev 1 incident, the company’s second-highest severity for internal security problems.

The incident-report says a second employee followed the agent’s advice, which started the chain of events that led to the broader incident. For nearly two hours, systems holding large amounts of company and user-related data were open to engineers who normally would not have been able to get in. The same report says there was no sign anyone used that temporary access or pushed the data outside the company.

This was not just an internal AI tool giving a bad answer. The advice appears to have moved into an actual workflow, another employee acted on it, and access widened to systems that were supposed to stay locked down. The public summaries of The Information’s report describe the outcome in similar terms, saying sensitive data was exposed to unauthorized employees.

Later in the report, Meta confirmed the incident while also trying to narrow what happened. According to the report a Meta spokesperson said no user data was mishandled. 

Also read: Meta glasses face a privacy fight over claims that intimate footage was reviewed by contractors.

There is still a lot the public does not know, including which exact system the agent touched, what safeguard failed, and whether the real problem was permissions, the agent’s behavior, or the process around it. But the outline is already clear. An internal AI agent appears to have helped trigger a top-tier security incident at Meta, and for nearly two hours the result was wider access to sensitive internal systems than Meta intended.