Meta AI agent triggers sensitive data exposure in internal security incident

TL;DR: An AI agent gave an engineer incorrect guidance that exposed sensitive user and company data to Meta employees for two hours. Meta confirmed the breach but said no user data was mishandled. The incident adds to a growing list of AI-related failures at major tech firms, following similar problems at Amazon.

A Meta employee asked an internal AI agent for help with an engineering problem. The agent’s recommended solution, once implemented, exposed a significant volume of sensitive user and company data to Meta’s engineers for roughly two hours before the issue was contained.

Meta confirmed the incident, first reported by The Information, and said no user data was mishandled. A spokesperson noted that a human engineer could equally have provided poor advice, though the company acknowledged the breach triggered a major internal security alert.

A pattern forming across big tech

This is not an isolated case. Amazon experienced at least two outages linked to internal AI tools last month, according to the Financial Times. More than half a dozen Amazon employees subsequently told the Guardian that the company’s push to integrate AI across all workflows had produced errors, poor-quality code and reduced productivity.

The common thread is agentic AI, software that acts autonomously on behalf of users rather than simply generating text or answering questions. These systems have advanced rapidly since late 2025, from autonomous coding tools to personal assistants capable of managing finances and making purchases without human oversight.

The context problem

Security specialist Jamieson O’Reilly, who focuses on offensive AI, pointed to a fundamental difference between human and machine reasoning. A human engineer who has worked somewhere for two years carries an accumulated understanding of what matters and what breaks. An AI agent has none of that institutional knowledge unless it is explicitly included in the prompt, and even then, that context degrades over time.

Tarek Nseir, co-founder of an AI consulting firm, was more direct: giving an AI agent unrestricted access to critical systems is something most organisations would not do with a junior intern. “The vulnerability would have been very, very obvious to Meta in retrospect,” he said.

Looking forward

For UK businesses evaluating agentic AI tools, the Meta incident offers a practical warning. Deploying AI agents without matching their access levels to their actual reliability remains a significant and under-addressed risk. As Nseir put it: “Inevitably there will be more mistakes.”