Meta Platforms Inc. Confirmed on Thursday that it has addressed a security flaw in its AI-powered customer service assistant, which had allowed unauthorized users to gain access to other individuals’ accounts through deceptive prompts, according to multiple independent reports. The company did not specify the exact nature of the vulnerability or the timeline of its discovery, but a spokesperson stated the issue was “resolved through internal security protocols and external collaboration with cybersecurity experts.”
The flaw, first identified by a third-party security researcher in early March, exploited a loophole in the AI’s natural language processing system. Hackers could reportedly manipulate the assistant into bypassing authentication measures by crafting specific queries that mimicked legitimate user interactions. This would have enabled access to private messages, account settings, or other sensitive data without requiring credentials, according to a technical analysis published by a cybersecurity firm specializing in AI risks.
A Meta representative declined to comment on whether any user data had been compromised, citing ongoing internal investigations. However, the company reiterated its commitment to “transparent communication” with users and regulators, noting it had notified relevant authorities in accordance with data protection laws. The European Union’s Data Protection Board has not yet issued a statement, but the incident has drawn attention amid broader scrutiny of AI systems’ security vulnerabilities.
The vulnerability underscores the challenges of securing AI-driven services as they become more integrated into daily digital interactions. Experts have warned that such flaws could be exploited at scale, particularly as companies increasingly rely on machine learning models to handle sensitive tasks. A 2023 report by the International Cybersecurity Alliance found that 40% of AI systems reviewed contained at least one critical security gap, though none involved direct account hijacking.
Meta’s resolution comes as the company faces heightened regulatory pressure over its AI initiatives. In February, the U.S. Federal Trade Commission opened an inquiry into the potential risks of Meta’s AI tools, including their impact on user privacy. The latest incident is likely to intensify calls for stricter oversight, even as Meta continues to roll out new AI features across its platforms.
Industry analysts noted that the vulnerability’s discovery and patching highlight the evolving nature of cybersecurity threats. “AI systems are not just tools for automation—they are new attack surfaces,” said a cybersecurity expert not affiliated with Meta. “The speed at which these flaws are identified and addressed will determine public trust in the technology.” No further details about the flaw’s technical specifics or the timeline of its resolution were disclosed by the company.
