Instagram users locked out after Meta AI abused to steal accounts
Attackers exploited Meta's AI-powered account recovery tools by constructing convincing ownership narratives, bypassing identity verification and seizing Instagram accounts. The AI's intent to be helpful became its attack surface — social engineering shifted from humans to LLMs.
This is the AI-as-auth-bypass primitive going mainstream. Defenders should treat any AI-mediated account recovery flow as an adversarial boundary and instrument it for anomaly detection — high-confidence ownership claims with no corroborating signals (device history, geo, behavioral) should trigger human review, not automated action.
Threat actors discovered that Meta's AI support assistant could be persuaded through conversational manipulation to treat them as legitimate account owners. Unlike traditional phishing, this attack requires no credential theft — the attacker simply narrates a plausible recovery story to an AI that is optimized for helpfulness over skepticism.
The core vulnerability is architectural: LLM-based support agents inherit the trust model of human agents but lack the intuition to detect inconsistency or implausibility. An AI that cannot say 'this feels off' is trivially exploitable by a patient adversary with basic social engineering skills.
For security teams, this signals a new class of insider-equivalent threat via AI intermediaries. Any platform deploying AI for identity-sensitive workflows needs explicit guardrails — hard stops on account mutations without cryptographic or out-of-band verification, and rate-limiting on recovery attempts per session regardless of how convincing the narrative sounds.