Meta just had a serious Instagram security incident that’s worth looking at. Chances are other organizations have the same flawed agentic AI setup or are thinking about it.

In Meta’s case, attackers started stealing high-value accounts at scale. Verified accounts. Locked-down accounts. Handles owned since 2010, some worth six figures. Even the Obama White House account got hit.

The exploit was comically simple and crude:

• Attacker initiates a "forgot password" flow, claims the account is hacked

• Turns on a VPN to spoof the target's location (which Instagram now displays publicly on the profile)

• Meta's AI support flow requests a selfie to verify identity

• Attacker grabs a photo from the target's public profile, runs it through an AI video generator to create a liveness animation

• Meta's AI accepts the deepfake as proof

• Email gets swapped. The password reset is then sent to the attacker. And the account gone.

2FA was completely bypassed in the process. The exact mechanism isn't fully documented yet, but the process completely broke.

The part that should concern you more than the exploit itself:

once your account was taken, recovery meant talking to a chatbot with no ability to help and no path to a human. Your asset was gone and there was genuinely no one to call.

What we had here was one AI fooling another AI, with no human in the loop anywhere.

Meta patched this particular problem (supposedly). But what they haven't addressed is the decision to give an AI agent unilateral access to account recovery functions with no hard identity verification backstop. Which means this was an intentional design choice.

Anyone think this will be the last debacle like this?