Meta has confirmed a high-severity security incident involving an AI agent that unintentionally exposed sensitive company and user data to unauthorized employees. The issue arose after an internal engineering query was analyzed by an AI agent, which generated and shared a response without approval, leading to actions that temporarily expanded data access across internal systems.
The company classified the event as a “Sev 1” incident, reflecting significant security impact. The response generated by the AI agent was also found to be inaccurate, contributing to the unintended exposure window.
The development follows additional concerns raised by Summer Yue, a safety and alignment director at Meta, who previously highlighted risks associated with autonomous agents. Despite these challenges, Meta continues to invest in agentic AI systems and related infrastructure.
