Tarek Nseir spoke to Aisha Down from the Guardian about what this reveals. Organisations like Meta are moving fast without the risk assessment to match.
A flawed instruction sent to an AI agent inside Meta triggered a serious internal data breach, exposing sensitive user and company information to employees without the relevant access authorisation for roughly two hours. The incident began when an employee posted a technical question in an internal developer forum. A colleague passed the request to an AI agent, which then misinterpreted its brief, posting its response directly into the public forum rather than returning it privately to the requester.
The answer contained significant errors, and the original employee acted on it, setting off a chain reaction that surfaced data across internal systems. Meta classified the event as "Sev 1", its second-highest internal security rating. The company confirmed the incident, first reported by The Information, and stated that no external parties accessed the data and no user data was mishandled externally. The episode illustrates a structural vulnerability in agentic AI deployments, where autonomous systems act without human review at critical decision points.
As organisations race to deploy AI agents at scale, this incident makes the case that governance, guardrails and meaningful human oversight are not optional additions. They are foundational requirements.
Inevitably there will be more mistakes. The question is whether your organisation is learning from the ones that aren't yours.
