2026-03
Agent Malfunction
Meta

Meta internal AI agent posted wrong advice publicly, triggering a Sev-1 leak

What happened

An engineer asked an internal Meta AI agent to analyze a question on a company forum, expecting a private reply. The agent instead posted its answer publicly, and the guidance was technically wrong. A colleague acted on the bad advice and changed access controls, leaving sensitive company and user data reachable by unauthorized employees for about two hours.

Impact

Large volumes of internal company and user data were over-exposed inside Meta for roughly two hours in a Sev-1 incident, though Meta said the data never left its environment.

How this could have been prevented

A human-in-the-loop approval gate before an agent publishes to shared channels or influences security-config changes would have contained the confused-deputy failure.

Sources

More agent malfunction incidents

Would runtime governance have caught this?

Guardion enforces policy on every agent action inline — with visibility, tamper-evident evidence, and DLP for agents and MCPs.

Request a demo