NEW YORK, June 2 — Meta is facing scrutiny after security researchers found that its AI‑powered support chatbot could be manipulated to grant unauthorised access to Instagram accounts.
Futurism reported that multiple users and cybersecurity researchers demonstrated how Meta’s automated support agent — designed to help with account recovery — could be tricked into handing over access links simply by claiming to be the account owner. In several documented cases, the bot allegedly provided password‑reset or login‑recovery URLs without verifying the requester’s identity.
According to the report, the vulnerability allowed attackers to bypass standard security checks, including two‑factor authentication, by exploiting the chatbot’s willingness to accept unverified claims. Screenshots shared by researchers showed the bot responding with recovery links after minimal prompting.
Meta told Futurism that it had taken action to address the issue, but did not specify what changes were made. The company also said it had not found evidence of “widespread abuse,” though researchers quoted in the article argued that the flaw was significant and easily exploitable.
Cybersecurity analysts warned that the incident highlights broader risks in deploying AI systems for sensitive support functions without robust verification safeguards. Some experts said the case underscores how AI‑driven customer service tools can unintentionally create new attack surfaces if not properly secured.
The report noted that several affected Instagram users have since regained control of their accounts.
