When your support bot becomes too helpful

Meta’s AI-powered support chatbot was exploited by hackers to hijack Instagram accounts, including high-profile targets like the Obama-era White House archive and Sephora, by manipulating account recovery flows.

The flaw has been patched, but the incident exposed serious weaknesses in AI-driven security. Attackers didn’t brute-force passwords; they talked their way in.

Attackers prompted Meta’s AI support bot to link a new email address to a target account. The system then sent verification codes directly to the hacker, enabling a password reset and full takeover. Some even spoofed location or used AI-generated selfies to bypass identity checks.

This wasn’t a sophisticated zero-day; it was a “confused deputy” problem dressed in GenAI clothing.

When you speed up support, you risk scaling vulnerability.

Meta had recently expanded AI support to handle sensitive actions like password resets at scale, part of a wider industry shift to automate frontline operations.

WHY IT MATTERS

Guardrails aren’t a compliance afterthought; they are the product.

If your AI agent can act (not just advise), then prompt design, escalation rules, and identity verification become behavioural design problems.

Your chatbot is now your weakest or strongest employee. Treat it like one, with training, boundaries, and supervision.
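
As an added illustration (not Meta’s code and not from the source article), here is one way to gate an agent’s tool calls so that a persuasive conversation cannot stand in for identity verification. All names (authorize, Session, ToolCall, the action names) are hypothetical, and the sample account is constructed.

```python
from __future__ import annotations
from dataclasses import dataclass, field

# Actions that change who controls an account (hypothetical names).
SENSITIVE = {"link_email", "reset_password"}

@dataclass
class Account:
    handle: str
    verified_emails: set = field(default_factory=set)

@dataclass
class Session:
    # Set by the login layer, never by anything the model or the user typed.
    authenticated_handle: str | None = None
    step_up_passed: bool = False  # code confirmed via a contact already on file

@dataclass
class ToolCall:
    # What the model asked for; treated as untrusted input.
    action: str
    target_handle: str
    new_email: str | None = None

def authorize(call: ToolCall, session: Session, accounts: dict) -> tuple[str, str]:
    """Return (decision, detail); decision is allow, step_up, escalate or deny."""
    account = accounts.get(call.target_handle)
    if account is None:
        return "deny", "unknown account"
    if call.action not in SENSITIVE:
        return "allow", "not a sensitive action"
    # Confused-deputy check: the bot's authority must not replace the caller's.
    if session.authenticated_handle != call.target_handle:
        return "escalate", "caller not authenticated as owner; human review"
    if not session.step_up_passed:
        if not account.verified_emails:
            return "escalate", "no verified contact on file; human review"
        # The code goes to an address on file, never to the one in the request.
        return "step_up", sorted(account.verified_emails)[0]
    return "allow", "owner authenticated and step-up passed"

def demo() -> list:
    # Constructed sample: the same request under three session states.
    accounts = {"brand": Account("brand", {"owner@example.com"})}
    call = ToolCall("link_email", "brand", "new@example.net")
    sessions = (Session(), Session("brand"), Session("brand", True))
    return [authorize(call, s, accounts)[0] for s in sessions]
```

The decision depends only on session state set outside the conversation, so nothing typed into the chat can move a request from escalate to allow.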

WHAT TO WATCH FOR

  • AI agents gaining transactional authority (reset, approve, transfer)

  • Reduced human-in-the-loop checkpoints

  • Rise of “prompt injection” as a social engineering vector

  • Synthetic identity verification (deepfake selfies, voice clones)

  • If your AI can be persuaded, it can be tricked.

WHY YOU SHOULD BE SUSPICIOUS

We still don’t know the full blast radius. Meta hasn’t disclosed how many accounts were compromised, and much evidence comes from social posts and hacker demos.

The exploit was reportedly patched quickly, which may understate how long similar flaws sit unnoticed. This story is likely the visible tip of a much bigger AI security iceberg.

SOURCE

https://www.theguardian.com/technology/2026/jun/01/meta-ai-hack-obama-sephora-instagram

BESCI AI OPINION

In the world of AI, you are as good as your guardrails, context and instructions. If you have confusion, then an AI agent, just like an employee, may do random things to solve a problem.

We love playing with chatbots, and one of the first things we do is ask them for a vanilla cupcake recipe. It is surprising how often it works, on phone calls and on websites. It tells us that the designers have been lax in creating boundaries.

Over time, these will become fewer as the models and designers learn the hard way, helped (or hindered) by AI finding weaknesses really quickly and at scale.
