When Your AI Customer Service Bot Becomes the Security Hole
Meta's support agent got social-engineered into handing over Instagram accounts, and I'll be honest, this is exactly what some of us warned about years ago.
Crédito de imagen: Image via Source article. Used under fair use for news commentary. · source
So here's a question I've been asking since these AI support agents started rolling out: what happens when the attacker just asks nicely?
Turns out we have an answer now. 404 Media reported this week that attackers have been using Meta's AI customer support agent to steal Instagram accounts. The method was almost embarrassingly simple. They asked the bot to link accounts to email addresses they controlled. And the bot did it. One attacker even broke into the dormant Obama White House account and started posting pro-Iran content.
Look, I spent 12 years at Kuka dealing with industrial automation security. Different world, sure. But the principle is the same one we learned the hard way in the 90s: any interface that can take commands is an attack surface. Doesn't matter if it's a PLC on a factory floor or a chatbot handling account recovery.
The Problem Isn't the AI, It's the Permissions
When I was at Kuka, we had a saying (probably borrowed from someone else, I forget who): "Never give a machine authority you wouldn't give an intern." These AI agents have been given the keys to account management without, apparently, the kind of verification steps you'd expect from a human support rep.
The thing that gets me is this wasn't some sophisticated attack. No zero-days, no malware, no compromised credentials. Just social engineering. Against a bot. Which, in a way, makes it worse. We've known about social engineering since Kevin Mitnick was making phone companies look foolish. The fact that we're now training AI systems that are vulnerable to the same tricks humans fall for (maybe more so, because they're designed to be helpful) is, well, it's something.
Cobertura relacionada
More in AI Models
Morgan Stanley's CIO thinks the semiconductor rally is built on a misunderstanding, and honestly, I'm starting to wonder if she's right.
Sarah Williams · 37 mins ago · 4 min
Wealth managers are staring down an AI threat, and it's not humanoid robots — it's chatbots that clients actually trust.
Sarah Williams · 1 hour ago · 6 min
Bear with me here. There's a reason I'm paying attention to consumer wearables, and it has everything to do with what's coming to the factory floor.
Robert "Bob" Macintosh · 3 hours ago · 4 min
Two new papers suggest that camera motion, long treated as noise, might be the key to unlocking human video for robot pretraining.
