Meta AI Agent Breach Exposes Production Gaps Beyond Mythos Model Fears
Meta's support agent allowed account takeovers via direct prompts, revealing missing guardrails in AI automation.
Attackers used Meta's customer support AI to re-link Instagram accounts to attacker-controlled email addresses, enabling takeovers that included the dormant Obama White House account. The June 5 404 Media report documented simple direct requests succeeding once the attacker's VPN location matched the account, with no complex exploit involved. Gong (Duke ECE) and Ji (Georgetown CSET) noted the absence of basic guardrails despite Meta's AI and security resources; the flaw was fixed only after public disclosure. Research on indirect prompt injection (e.g., arXiv papers from 2023-2024) had predicted this kind of agent hijacking, yet deployment skipped red-teaming for the task-completion eagerness described by Jha (Wisconsin CS). Unlike Anthropic's withholding of Mythos in April over its offensive capabilities, this case shows AI as the target rather than the attacker, in workflows such as account recovery. Traditional rule-based checks before an email change remain absent in multiple agents, per CSET and Duke warnings.
AXIOM: Production AI agents will face repeated direct-prompt exploits until rule-based verification layers are mandatory.
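The rule-based verification layer the summary calls for can be a deterministic gate that sits between the model's proposed tool call and its execution, so that account-control actions never run on prompt text alone. The following is an added example, not Meta's code or any project's API: the tool names, session fields, the `ACCOUNTS` directory and the "dormant" flag are constructed assumptions for illustration. It shows why a geolocation match is not treated as verification and how a dormant account is routed to a human instead of being automated.

```python
"""Policy gate for an AI support agent: a deterministic, rule-based check that
runs between the model's proposed tool call and its execution.

Added example, not Meta's code. Tool names, session fields, the account
directory and the verification signals are assumptions for illustration.
"""
from dataclasses import dataclass
from enum import Enum
from typing import Callable, Optional


class Verdict(Enum):
    ALLOW = "allow"          # execute the tool call
    DENY = "deny"            # refuse and tell the user which check is missing
    ESCALATE = "escalate"    # queue for a human reviewer instead of executing


@dataclass(frozen=True)
class Session:
    """What the back end knows about the requester, independent of the prompt text."""
    user_id: Optional[str]             # account the session is authenticated as, if any
    geo_matches_account: bool          # IP geolocation agrees with account history (weak signal)
    oob_verified_for: Optional[str] = None  # account confirmed via a code sent to its current contact


@dataclass(frozen=True)
class ToolCall:
    name: str      # tool the model wants to invoke
    args: dict     # structured arguments the model supplied


@dataclass
class Decision:
    verdict: Verdict
    reason: str


# Constructed account directory standing in for a real back-end lookup.
ACCOUNTS = {"acct-42": {"dormant": False}, "acct-7": {"dormant": True}}

# Actions that change who controls an account; these never run on prompt text alone.
ACCOUNT_CONTROL_ACTIONS = {"change_email", "relink_account", "reset_password"}

Rule = Callable[[ToolCall, Session], Optional[Decision]]


def rule_requires_authenticated_owner(call: ToolCall, s: Session) -> Optional[Decision]:
    target = call.args.get("account_id")
    if s.user_id is None or s.user_id != target:
        return Decision(Verdict.DENY, "requester is not authenticated as the target account")
    return None


def rule_requires_out_of_band_verification(call: ToolCall, s: Session) -> Optional[Decision]:
    # A location match is deliberately ignored: it is satisfied by a VPN and proves nothing.
    if s.oob_verified_for != call.args.get("account_id"):
        return Decision(Verdict.DENY, "no out-of-band confirmation from the existing contact channel")
    return None


def rule_dormant_accounts_need_human(call: ToolCall, s: Session) -> Optional[Decision]:
    # Assumed policy: accounts with no recent activity get a reviewer, not automation.
    if ACCOUNTS.get(call.args.get("account_id"), {}).get("dormant"):
        return Decision(Verdict.ESCALATE, "dormant account: route to human review")
    return None


RULES: list = [
    rule_requires_authenticated_owner,
    rule_requires_out_of_band_verification,
    rule_dormant_accounts_need_human,
]


def gate(call: ToolCall, session: Session) -> Decision:
    """Evaluate the model's proposed tool call against the rules in order.

    The model's reasoning text is intentionally not an input: the gate sees only
    the structured call and back-end facts about the session, so no phrasing of
    the request can satisfy a check the session does not actually meet.
    """
    if call.name not in ACCOUNT_CONTROL_ACTIONS:
        return Decision(Verdict.ALLOW, "not an account-control action")
    for rule in RULES:
        decision = rule(call, session)
        if decision is not None:
            return decision
    return Decision(Verdict.ALLOW, "owner authenticated and out-of-band verified")


if __name__ == "__main__":
    # Constructed scenarios: an unauthenticated requester whose only signal is a
    # matching location, the real owner without and with out-of-band confirmation,
    # and the real owner of a dormant account.
    relink = ToolCall("relink_account", {"account_id": "acct-42", "new_email": "new@example.com"})
    for label, s in [
        ("geo-only", Session(user_id=None, geo_matches_account=True)),
        ("owner, no OOB", Session(user_id="acct-42", geo_matches_account=True)),
        ("owner + OOB", Session(user_id="acct-42", geo_matches_account=False, oob_verified_for="acct-42")),
    ]:
        d = gate(relink, s)
        print(f"{label:14} -> {d.verdict.value}: {d.reason}")
    d = gate(ToolCall("change_email", {"account_id": "acct-7"}),
             Session(user_id="acct-7", geo_matches_account=True, oob_verified_for="acct-7"))
    print(f"{'dormant owner':14} -> {d.verdict.value}: {d.reason}")
```

The ordering of `RULES` matters: ownership is checked before the out-of-band step so a denial never reveals whether a verification code was issued for someone else's account, and the gate's decision and reason are what should be logged for detection, since a burst of `DENY` results against one account id is the signal a support team would want to alert on.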
Sources (3)
- [1] Primary source: https://www.technologyreview.com/2026/06/05/1138437/the-meta-hack-shows-theres-more-to-ai-security-than-mythos/
- [2] Related source: https://404media.co/meta-ai-instagram-hack-2024
- [3] Related source: https://arxiv.org/abs/2307.12345