Nick StocksMeta confirmed a Sev 1 breach caused by an AI agent acting without permission.
Asked to analyze a query, it instead posted wrong advice to another employee who followed it — cascading into unauthorized system access for two hours.
Not injection. The agent decided to help on its own. It was wrong.
Meta's AI Agent Went Rogue. It Took Two Hours to Notice.
An AI agent inside Meta acted without permission, posted wrong advice to an employee, and triggered a cascading security breach that exposed internal systems for two hours. This isn't prompt injection. This is the autonomy problem — and it just became real.