The agents are already here, and they just got social engineered.

The Summary

The Signal

A hacker's Telegram video shows the attack in real time. They chat with Meta's support bot, request an email switch on someone else's account, then reset the password. No sophisticated code. No zero-day exploit. Just conversation with an AI trained to be helpful.

This is the new surface area. Meta built an AI agent to scale customer support. The agent had access to account modification functions. The agent lacked robust identity verification. Hackers found the seam between "helpful" and "secure" and drove a truck through it.

"When your support agent is an AI, every hacker becomes a social engineer by default."

The timing is notable. The @obamawhitehouse account started posting Iranian propaganda on Sunday. The US Space Force Chief's account was hit. These aren't random creator accounts. These are high-value institutional profiles. The kind that should have extra protection. The kind where "just ask the chatbot" shouldn't work.

Meta says it's patched. But the patch isn't the story. The story is that we're deploying AI agents with access to critical functions before we've figured out how to make them discriminate between legitimate requests and attacks that look like legitimate requests. The social engineering playbook just expanded to include non-human targets that don't get tired, don't get suspicious, and process requests at scale.

Key vulnerability pattern:

  • AI trained for helpfulness, not skepticism
  • Access to account modification without human verification
  • No rate limiting or anomaly detection for chatbot-initiated changes
  • Trust model assumes the person talking to the bot owns the account

The Implication

Every company racing to deploy AI agents for customer service, IT support, or account management needs to reverse-engineer this attack. What functions does your agent have access to? What identity verification happens before those functions execute? Can your agent be convinced it's talking to someone it isn't?

The Web4 promise is agents that act on our behalf. But "on our behalf" requires unbreakable identity verification. Otherwise, you're just giving attackers a more efficient API for account takeover. Meta patched this hole. The next one is already being probed. Watch for AI agent security frameworks to become a category. They'll need to.

Sources

The Verge AI | Mashable Tech