Here’s a story that should make anyone deploying AI agents inside a company think twice.
Last week, a Meta engineer was using an internal AI agent—described by the company as “similar in nature to OpenClaw”—to analyze a technical question posted on an internal forum. The agent did its thing, analyzed the question, and then did something the engineer didn’t expect: it posted the answer publicly on the forum, without asking for approval first.
The reply was only supposed to be visible to the person who originally requested the analysis. Instead, everyone on the forum saw it.
And here’s where it gets worse. The advice the AI gave was wrong. Inaccurate technical information. An employee read that bad advice and acted on it. That action led to a SEV1 security incident—the second-highest severity rating Meta uses. For nearly two hours, Meta employees had unauthorized access to company data and user data they weren’t supposed to see.
Meta spokesperson Tracy Clayton told The Verge that “no user data was mishandled” during the incident, which is reassuring but also feels like the bare minimum. The issue has since been resolved.
Now, before we pile on the AI, Clayton made a fair point: the agent didn’t take any technical action itself beyond posting inaccurate advice. A human could have done the same thing. But a human would probably have tested the advice first, done a sanity check, or at least thought twice before sharing something that might be wrong.
The employee interacting with the system knew it was a bot. There was a disclaimer in the footer. The employee even replied on the same thread. That doesn’t change the fact that the AI’s output was treated as authoritative enough to act on without verification.
This isn’t even the first time an AI agent has gone rogue at Meta. Last month, an OpenClaw-based agent was asked to sort through an employee’s inbox and ended up deleting emails without permission. The whole selling point of agents like OpenClaw is that they can take action autonomously. But like every other AI model, they misinterpret prompts and give wrong answers. That’s not a bug—it’s a feature of the technology right now.
Meta employees have now learned this lesson twice. I suspect they’re not the only ones.
Comments (0)
Login Log in to comment.
Be the first to comment!