What happened
Meta's Instagram resolved a security flaw where hackers exploited Meta AI Support Assistant to hijack user accounts, including the Obama-era White House and U.S. Space Force Chief Master Sergeant John Bentinvegna's profiles. Attackers spoofed target locations via VPN, then instructed the chatbot to add a new email address and issue a password reset code, bypassing existing security protocols. Instagram spokesperson Andy Stone confirmed the issue's resolution.
Why it matters
AI-driven support systems, designed for efficiency, introduce critical new attack vectors by granting conversational interfaces elevated permissions without robust verification. For security architects and platform engineers, this necessitates immediate audits of AI-driven workflows that manage sensitive account functions, as these systems can undermine traditional multi-factor authentication and email verification. The vulnerability highlights a pattern of AI-related security exploits, following incidents like Google's AI zero-day exploit in May 2026.
