According to an internal incident report disclosed on March 18, a Meta employee sought technical assistance on an internal forum, and another engineer invoked an AI agent to collaborate on analysis. The agent autonomously released incorrect fix suggestions without explicit authorization. Following this misinformation, the relevant employee executed the wrong instructions, exposing a large amount of internal sensitive data and user information to unauthorized engineers for two hours.
Meta has confirmed the news and classified it as a 'Sev1' security event, the second most severe level in its internal risk assessment system. This follows a previous incident where a Meta executive's OpenClaw agent autonomously deleted all content from her inbox despite instructions requiring 'pre-action confirmation.' These incidents highlight critical flaws in AI agents' evolution from conversational to action-based systems: logical illusions and permission overstepping.