The Meta hack shows there’s more to AI security than Mythos
Meta’s AI support-agent incident shows near-term AI security risks come from basic authority and verification failures.
Attackers reportedly used Meta’s AI customer support agent to hijack Instagram accounts by asking it to link accounts to attacker-controlled emails. MIT Technology Review frames the incident as a reminder that AI security is not only about powerful future systems like Mythos. The immediate risk is giving AI agents sensitive operational powers without strong authentication, permissions, review, and testing.
This MIT Technology Review article uses the abuse of a Meta AI customer support agent as an example to remind readers that discussions of AI safety cannot focus solely on imagining more powerful, potentially autonomously offensive models like Mythos. According to a 404 Media report, attackers used Meta's AI customer support agent to steal Instagram accounts, and the method was quite straightforward: they asked the agent to link a target account to an email address they controlled, and the agent complied. The report mentions that one of the attackers even compromised the idle Obama White House Instagram account and posted pro-Iran content.

The point of the article is not how sophisticated the attack technique was, but that this kind of failure exposes how, when AI agents go live in real product flows and are granted sensitive capabilities such as account recovery, changing email addresses, and resetting passwords, traditional security controls still cannot be omitted. In other words, AI here is not a super-weapon used by attackers but the operational interface being attacked; the risk comes from enterprises handing models the authority to perform actions without sufficiently strong identity verification, permission tiering, human review, or anomaly detection.

The article also contrasts this with recent safety anxieties about high-capability AI systems: in the long run, models may help automate attacks or discover vulnerabilities, but in the short term the more common and more easily overlooked risk is enterprises skipping basic security engineering in their pursuit of AI customer service and agent automation. For developers, PMs, and security teams, the lesson of this incident is that as long as an AI agent can change the state of a user account, it should be treated as a high-privilege system rather than a simple chat interface; before deployment it requires threat modeling, red-teaming, least-privilege design, and traceable auditing.
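As an added illustration of the "treat the agent as a high-privilege system" lesson (example code written for this summary, not Meta's or 404 Media's code), the sketch below puts a deny-by-default authorization gate between an AI support agent and its tools: the model may request an action such as linking a recovery email, but only a verified owner session can execute it, high-profile accounts are routed to human review, and every attempt is logged so repeated denials surface as an anomaly signal. All tool names, tiers, session fields and sample requests are constructed for illustration.

```python
from dataclasses import dataclass
from enum import Enum


class Tier(Enum):
    READ = 0        # e.g. look up a help article; no account state change
    SENSITIVE = 1   # changes account state: link email, reset password


# Allow-list of tools the agent may call and how risky each one is (constructed).
TOOL_TIERS = {
    "get_help_article": Tier.READ,
    "link_recovery_email": Tier.SENSITIVE,
    "reset_password": Tier.SENSITIVE,
}


@dataclass
class Session:
    user_id: str
    authenticated: bool          # logged in as the account owner
    step_up_verified: bool       # recently re-authenticated (e.g. MFA) for this change
    high_profile_account: bool = False


@dataclass
class Decision:
    allowed: bool
    reason: str
    needs_human_review: bool = False


def authorize_tool_call(session: Session, tool: str, args: dict, audit_log: list) -> Decision:
    """Least-privilege gate: the model asking for an action never grants authority by itself."""
    tier = TOOL_TIERS.get(tool)
    if tier is None:
        decision = Decision(False, "unknown tool (deny by default)")
    elif tier is Tier.READ:
        decision = Decision(True, "read-only tool")
    elif not session.authenticated:
        decision = Decision(False, "caller not authenticated as account owner")
    elif not session.step_up_verified:
        decision = Decision(False, "step-up verification required before changing account state")
    elif session.high_profile_account:
        decision = Decision(False, "queued for human review", needs_human_review=True)
    else:
        decision = Decision(True, "verified owner; sensitive action permitted")
    # Record every attempt, allowed or not, so abuse patterns are visible to the SOC.
    audit_log.append({"user": session.user_id, "tool": tool, "args": args,
                      "allowed": decision.allowed, "reason": decision.reason})
    return decision


def flag_repeated_denials(audit_log: list, threshold: int = 3) -> set:
    """Anomaly signal: callers repeatedly denied sensitive actions in one log window."""
    counts: dict = {}
    for entry in audit_log:
        if not entry["allowed"] and TOOL_TIERS.get(entry["tool"]) is not Tier.READ:
            counts[entry["user"]] = counts.get(entry["user"], 0) + 1
    return {user for user, n in counts.items() if n >= threshold}
```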