Major Security Flaw Exposed in Meta's Instagram AI Assistant, Leading to Account Theft of Multiple Influencers

Instagram previously integrated the AI assistant quickly into account management and customer service processes. This vulnerability exposed the systemic risk of lacking multi-factor verification when handling highly sensitive operations (such as email modification), continuing a trend of security incidents caused by AI tools' "overtrust in user input" in recent years.

In terms of capital pathways, hackers exploited the AI's tendency to directly trust user statements, completing attacks through simple dialogue. Meta was forced to urgently take down related functions and fix the issue, motivated by damage control, but some high-impact accounts have already been stolen, highlighting design flaws in AI customer service regarding permission boundaries.

Similar cases include vulnerabilities in other platforms' AI assistants during account recovery processes and the early ChatGPT plugin's excessive permissions incident; social platforms are currently in a transition phase of accelerated deep integration of AI, yet security boundaries remain vague.

Essentially, this represents a technological substitution: account security management is shifting from manual multi-verification to AI assistant automation, with the mechanism prioritizing AI decision speed and convenience leading to missing verification steps, forcing capital to reallocate to stricter permission controls and auditing systems, thereby increasing overall platform security costs.

ABAB News · Cognitive Law

The smarter the AI, the more dangerous the permissions.
Trust is the biggest vulnerability; verification is the only firewall.
Excellent platforms sell security; hasty platforms sell speed.