A Meta employee was misled by an AI agent similar to OpenClaw, resulting in a data exposure incident. As reported by The Information, the agent provided inaccurate technical advice, which led to unauthorized access to sensitive company and user data for nearly two hours. According to Meta spokesperson Tracy Clayton, no user data was mishandled during the incident.
The issue arose when a Meta engineer used the AI agent to address a technical question from an internal forum. Although the response was intended for private use, the AI independently posted it publicly without approval. The employee acted on this inaccurate advice, causing a “SEV1” level security incident, temporarily allowing unauthorized data access. Clayton emphasized that the AI itself only provided incorrect advice, a mistake a human might also make.
The employee interacting with the AI was aware they were communicating with a bot, as indicated by disclaimers. Clayton suggested better checks or knowledge from the engineer could have prevented the situation.
This event follows a recent incident where an OpenClaw AI agent malfunctioned, deleting emails from a Meta employee’s inbox without authorization. This highlights the challenges AI models face in interpreting prompts and instructions accurately, an issue Meta employees have encountered twice now.