
Meta AI Exploited by Hackers to Hijack Instagram Accounts

Hackers manipulated Meta’s own AI-powered support assistant to seize control of dozens of Instagram accounts, exploiting the chatbot’s automated responses to bypass normal account security procedures.

The attackers tricked the AI into providing steps or verification pathways that allowed unauthorized access, turning Meta’s customer support tool against the platform’s own users.

How the Attack Worked

Meta’s AI support bot handles a high volume of account recovery and help requests, automating responses that would otherwise require human review.

Hackers crafted prompts designed to manipulate the bot into treating fraudulent requests as legitimate, a technique security researchers call prompt injection — where malicious input steers an AI system toward unintended outputs.

By doing so, they effectively used Meta’s own infrastructure to strip account holders of access to their profiles.

Meta’s Response

Meta has not issued a detailed public statement outlining what specific guardrails it will add to prevent similar manipulation of its AI systems.

The company has faced sustained scrutiny over account security on Instagram, which Meta reported had more than 2 billion monthly active users as of its most recent earnings disclosure.

Account hijacking on the platform is not new. Still, the use of the company’s own AI tool as the attack vector marks a significant shift in how threat actors approach social media intrusion.

Broader Security Implications

AI-assisted customer support has spread rapidly across the tech industry as companies seek to reduce costs and handle scale.

That speed of deployment has outpaced security testing in several documented cases. Security researchers have repeatedly demonstrated that large language models — the AI engines powering chatbots like Meta’s — can be manipulated through carefully worded inputs to ignore built-in restrictions.

Even so, few major platforms have disclosed incidents where their own AI support tools directly facilitated account takeovers at scale.

The incident draws fresh attention to a structural risk: AI systems trained to be helpful can become liabilities when that helpfulness is weaponized.

Researchers at organizations including OWASP have flagged prompt injection as one of the top security risks facing large language model applications, warning that the vulnerability is difficult to patch without fundamentally limiting what an AI can do.

Meta launched its AI assistant across its family of apps — including Instagram, Facebook, and WhatsApp — beginning in 2023, positioning it as a central feature of user interaction across its platforms.
