Thursday, 2 July 2026

The Meta hack shows there’s more to AI security than Mythos


Gong and other scholars have been issuing warnings about the security vulnerabilities of AI agents for a while. They publish papers and blog posts detailing exploits such as indirect prompt injection, which involves hijacking agents using commands hidden in websites, emails, or other seemingly anodyne data sources. Compared with these techniques, the Meta hack was practically mindless. The only complication that hackers had to overcome was using a VPN that matched the true account owner’s location; then they directly asked the support agent to change the account’s email address, and it complied.

Meta has not commented publicly on how this vulnerability slipped through the cracks. But given the simplicity of the exploit, Gong says, it should have been uncovered easily, before the agent was deployed. “It’s really surprising,” he says. “I don’t understand why they didn’t find this simple problem.”

Jessica Ji, a senior research analyst at Georgetown’s Center for Security and Emerging Technology, agrees. “It raises questions like: Were there even guardrails in place?” she says. “Did anyone think to test for this kind of scenario?” She notes that the oversight is particularly striking coming from a company like Meta, which has extensive expertise in both AI and cybersecurity. Meta did not respond to a request for comment for this article, but on Monday a Meta spokesperson said on X that the vulnerability had been resolved.

As embarrassing a moment as this might be for Meta in particular, it also highlights some core vulnerabilities shared by all AI agents. Unlike traditional software, agents can respond in flexible—and unexpected—ways to new circumstances, which is why they might be able to substitute for human customer support agents. But AI agents can also be tricked in ways that humans wouldn’t be, and because they can take real-world actions, those mistakes have consequences. “A human would say, ‘Okay, why do you want to change the email address?’ and maybe respond with a security question,” says Somesh Jha, a professor of computer science at the University of Wisconsin–Madison. “What is going on with these agents is they’re very eager to finish the task. It’s almost like some elementary school student who just wants to please the teacher.”

There are ways to mitigate the risks. Companies can use traditional software to build guardrails that make sure agents follow strict rules, such as always asking for answers to security questions before sending sensitive account information to a new email address. And the experts consulted for this article all agree that agents should undergo rigorous red-teaming, a process in which developers try their best to attack a system in order to discover its vulnerabilities before it is deployed.
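A sketch of the kind of guardrail described above, added here as an illustration and not code from Meta or from anyone quoted in the article: ordinary software sits between the agent and its tools and refuses a sensitive action until a security question has been answered. The tool names, `Session` and `gate_tool_call` are hypothetical; the point is that verification state lives server-side, so nothing the model says or passes as an argument can set it.

```python
import hashlib
import hmac
import secrets

# Hypothetical tool names for actions that can hand an account to someone else.
SENSITIVE_TOOLS = {"change_email", "reset_password"}
MAX_FAILURES = 3

def _digest(answer: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", answer.strip().lower().encode(), salt, 100_000)

class Session:
    """Server-side state. The model never gets a handle that can write to it."""
    def __init__(self, account_id: str, security_answer: str):
        self.account_id = account_id
        self._salt = secrets.token_bytes(16)
        self._answer = _digest(security_answer, self._salt)
        self.verified = False
        self.failures = 0

    def submit_answer(self, answer: str) -> bool:
        # Called by the application with the user's own input, not by the agent.
        if self.failures >= MAX_FAILURES:
            return False  # locked: route to a human reviewer
        ok = hmac.compare_digest(_digest(answer, self._salt), self._answer)
        if ok:
            self.verified = True
        else:
            self.failures += 1
        return ok

def gate_tool_call(session: Session, tool: str, args: dict) -> tuple:
    """Decide whether an agent-proposed tool call may run."""
    if tool not in SENSITIVE_TOOLS:
        return ("allow", "not sensitive")
    if args.get("account_id") != session.account_id:
        return ("deny", "account does not match session")
    # Only server-side state counts; claims inside args are ignored.
    if not session.verified:
        return ("challenge", "security question required")
    session.verified = False  # one sensitive action per successful challenge
    return ("allow", "verified")
```

Because the gate consumes the verified flag on use, a second sensitive request in the same conversation triggers a fresh challenge.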
