Scoopfeeds — Intelligent news, curated.
ai

The Meta hack shows there’s more to AI security than Mythos

MIT Technology Review · Jun 5, 2026, 9:00 AM · Also reported by 1 other source

Why this matters: a development in AI with implications for how people work, create, and decide.

On June 5, 404 Media reported that attackers had been using Meta’s AI customer support agent to steal Instagram accounts. Their approach was simple: They asked the agent to link the accounts to email addresses that they controlled, and the agent complied. One attacker broke into the dormant Obama White House account and made pro-Iran posts; others took over accounts with valuable, single-word handles, possibly in order to sell them. AI cybersecurity concerns are nothing new. Since Anthropic announced in April that its Mythos model was too good at hacking to be released to the general public, commentators, researchers, and federal officials alike have fixated on the idea that superpowered AI systems could lay waste to our computer infrastructure. That’s not quite what this Instagram hack was: There, AI was the target rather than the attacker, and the method was far simpler than anything Mythos would cook up. But as companies offload more work to AI, these comparatively unsophisticated attacks could wreak their own havoc. “As AI becomes more and more widely used—especially when AI is more and more widely used to automate our work flows, like account recovery—I think attackers are going to be more and more motivated to attack AI itself,” says Neil Gong, a professor of electrical and computer engineering at Duke University. Gong and other scholars have been issuing warnings about the security vulnerabilities of AI agents for a while. They publish papers and blog posts detailing exploits such as indirect prompt injection, which involves hijacking agents using commands hidden in websites, emails, or other seemingly anodyne data sources. Compared with these techniques, the Meta hack was practically mindless. The only complication that hackers had to overcome was using a VPN that matched the true account owner’s location; then they directly asked the support agent to change the account’s email address, and it complied. Meta has not commented publicly on how this vulnerabili

Article preview — originally published by MIT Technology Review. Full story at the source.
Read full story on MIT Technology Review → More top stories

Also covered by

Fast Company Social Security insolvency: This map shows how bad the benefits crisis will be in your state by 2032

More in ai

Wired
OpenAI and Anthropic May Be Rivals, but Investors Aren’t Picking Sides
Wired
Why Apple Might Put Cameras Into Its Next AirPods
Wired
The Best Pool Accessories to Upgrade Your Summer (2026)
Wired
‘Doo Doo Water and a Few Needles’: Inside the Mystery of the New York City Manhole Prowlers
MIT Technology Review
Are AI chatbots making us lose control of our brains?

Browse all ai coverage →

Aggregated and edited by the Scoop newsroom. We surface news from MIT Technology Review alongside other reporting so you can compare coverage in one place. Editorial policy · Corrections · About Scoop