Meta AI agent exploited for account takeovers
VentureBeat
Meta's AI support agent was exploited to facilitate account takeovers by binding new recovery emails and resetting passwords without triggering security alerts. Attackers leveraged the agent's trusted status to execute these actions, bypassing traditional security controls. This incident underscores a critical architectural flaw where authorization resides within the AI model itself, rather than a separate, secure gate. Security operations centers (SOCs) need robust auditing and external authorization mechanisms to prevent such exploits, as AI agents integrated into sensitive processes pose significant risks.
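One way to put the authorization decision in a separate gate outside the model, with an audit record for every decision. This is an added example, not code from Meta or VentureBeat; every name in it (`Session`, `ToolCall`, `authorize`, `AUDIT_LOG`) and the 300-second step-up window are assumptions made for illustration.

```python
"""Added example: an authorization gate that sits outside the AI agent.
All names and thresholds here are hypothetical, not a real product API."""
import json
import time
from dataclasses import dataclass, field
from typing import Optional

# The two actions the summary names: recovery-email binding and password reset.
SENSITIVE = {"bind_recovery_email", "reset_password"}
STEP_UP_MAX_AGE = 300  # seconds a step-up verification stays valid (assumed)


@dataclass
class Session:
    account_id: str          # account the authenticated user owns
    step_up_at: float = 0.0  # written by the auth service, never by the agent


@dataclass
class ToolCall:
    action: str              # tool the agent asks to run
    target_account: str      # account the tool would modify
    args: dict = field(default_factory=dict)


AUDIT_LOG = []  # stand-in for an append-only audit sink the SOC can query


def authorize(call: ToolCall, session: Session, now: Optional[float] = None) -> bool:
    """Decide from session state only; the agent's request is untrusted input."""
    now = time.time() if now is None else now
    if call.target_account != session.account_id:
        allow, reason = False, "target account is not the session's account"
    elif call.action in SENSITIVE and now - session.step_up_at > STEP_UP_MAX_AGE:
        allow, reason = False, "sensitive action without recent step-up"
    else:
        allow, reason = True, "policy satisfied"
    # Log denials as well as approvals so refused attempts are visible.
    AUDIT_LOG.append(json.dumps({
        "ts": now, "action": call.action, "target": call.target_account,
        "session_account": session.account_id, "allow": allow, "reason": reason,
    }))
    return allow


if __name__ == "__main__":
    s = Session(account_id="acct-1", step_up_at=1000.0)  # constructed sample
    print(authorize(ToolCall("reset_password", "acct-2"), s, now=1010.0))
    print(AUDIT_LOG[-1])
```

The agent can request any tool call, but the tool runs only if `authorize` returns `True`, and that result depends on state the agent cannot write.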
Tags
ai
security
Original Source
VentureBeat — venturebeat.com