Axtarış...

A vulnerability discovered in Meta's AI-powered support system underscores the critical importance of security audits for AI solutions.

According to a report published by the cybersecurity company Malwarebytes, a security vulnerability has been identified in Meta's AI-powered support service used on Instagram to assist users with account-related issues. The investigation indicates that attackers exploited weaknesses in the AI support bot's functionality to compromise several high-profile Instagram accounts.

While the integration of artificial intelligence into critical information systems and user account management introduces significant operational benefits, it also creates new cybersecurity risks. This incident serves as another reminder that these risks are both practical and increasingly relevant.

The report states that the attackers abused the functionality of Meta's AI support bot to add unauthorized email addresses to targeted user accounts, subsequently leveraging account recovery mechanisms to gain control of those accounts. Notably, the attack did not rely on conventional cyberattack techniques such as malware, phishing, or stolen authentication credentials. Instead, it exploited weaknesses in the AI system's decision-making logic and automated execution processes.

According to media reports, the incident affected several high-profile Instagram accounts, including the White House Instagram account from the Obama administration, Sephora, an account belonging to a senior official of the U.S. Space Force, and several other prominent profiles. The incident highlights that granting AI-powered services sensitive privileges—such as managing user accounts, handling authentication workflows, or modifying access rights—must be accompanied by robust security controls, continuous oversight, and comprehensive security validation.