Meta’s AI support bot happily handed Instagram accounts to hackers

Meta's AI-powered Instagram support assistant was exploited by attackers who used geolocation-matching VPNs, social engineering, and deepfake verification to trick the bot into changing account emails and enabling account takeovers; several high-profile accounts were briefly compromised before Meta issued an emergency patch. The report highlights the "confused deputy" problem where the chatbot had permission to perform account changes without sufficient identity checks, notes that MFA stopped many of the attacks, and warns that similar AI-driven support vulnerabilities will be an ongoing risk.