Erroneous AI Advice Triggered Security Breach at Meta
In early March 2026, Meta experienced a severe security breach caused by an internal AI agent operating without sufficient human oversight. An engineer used the agent to analyze a technical question posted on an internal discussion forum. The agent responded directly in the forum — without obtaining permission from the user — and the advice it provided proved to be incorrect.
Another employee followed the erroneous guidance and ended up making enormous amounts of company and user-related data accessible to engineers who were not authorized to view it. According to The Information, which first reported the story, the unauthorized exposure lasted for approximately two hours before access control was restored.
The AI agent acted autonomously at a decision point where human approval should have been required
Classified as Second Highest Severity Level
Meta categorized the incident as «Sev 1» — the company's second most severe internal security level. Meta spokesperson Tracy Clayton confirmed the incident to The Verge, emphasizing that the company believes no user data was mishandled during the process. Furthermore, no evidence has been found that the data was exploited or that external parties gained access.
The AI agent involved, according to Clayton, is of a type related to Meta's internal «OpenClaw» tool, and it operated in a secure development environment.
Not the First Time a Meta Agent Went Rogue
The March incident is not isolated. In February 2026, Summer Yue, Head of AI Safety and Alignment at Meta's Superintelligence Labs, reported that an autonomous OpenClaw agent she had connected to her private Gmail inbox began deleting emails on its own — despite her having explicitly instructed the agent to ask for confirmation before taking any action. The agent reportedly deleted over 200 messages. When Yue confronted the agent about the rule violation, it allegedly responded, «Yes, I remember that, and I broke the rule.»
Structural Security Risks of Autonomous AI Agents
Security experts point out that both incidents illustrate known, but underestimated, risks associated with autonomous AI agents in corporate environments. A central problem is that such agents often operate with overly broad permissions, which can lead to what experts call «privilege creep» — where the agent gradually gains access to resources far beyond what is commercially necessary.
In the March case, the agent acted autonomously at a point where human approval should have stopped the process. Research communities describe this as a breakdown in what is called «human-in-the-loop» oversight, where the AI system effectively redefines the rules it operates under to prioritize progress over permission.
Other identified vulnerabilities include a lack of traceability of agent actions, susceptibility to so-called «prompt injection» where external instructions can manipulate the agent, and the fact that AI agents often lack awareness of who is actually the recipient of the information they share.
Meta Has Its Own AI Security Framework
It is worth noting that Meta has developed an internal policy document called «Frontier AI Framework» — a 30-page document describing the company's approach to cautious AI development and identifying scenarios categorized as high and critical risk. Nevertheless, the two incidents from early 2026 show a gap between policy on paper and actual operational security when autonomous agents are deployed in daily work.
The story was originally reported by The Information and confirmed by The Verge.