Source: Ars Technica
Meta's support chatbot was socially engineered to bypass account recovery controls. The incident reveals an operational risk: as companies shift customer support to AI to reduce costs, they create a scalable vector for account takeovers that previously required tricking human agents. The problem isn't chatbot hallucination or training data leaks—it's inadequate prompt security and access control. The finding suggests Meta and other platforms haven't built sufficient guardrails into AI support systems against adversarial use.