Overview
In a post highlighted on Hacker News' AI thread, readers are flagging a vulnerability in Meta's AI-assisted support for Instagram. The report notes that the AI support option appears to be A/B tested for only a subset of accounts, but for those accounts where it is enabled, the path to account compromise is described as unexpectedly simple.
As described, the risk hinges on how the AI support channel authenticates requests and delivers recovery actions. The thread emphasizes that an attacker could leverage this feature to gain access with relatively little friction, raising concerns about the security of account recovery workflows that rely on AI-assisted agents.
How the vulnerability works
If the AI support option is enabled for your Instagram account, it appears to be A/B tested for only a percentage of accounts. Anyone can hijack it with little effort. Simply get on a proxy or VPN close to the account's region, then ask the agent to send a code to an arbitrary email address. Once you receive the code, pass it forward to the agent, and it'll provide you with a password reset link which you can then use to sign into the account.
- Step 1: The feature is present only on a subset of accounts during testing.
- Step 2: An attacker uses a proxy or VPN located near the target’s region to initiate the recovery flow.
- Step 3: The attacker prompts the AI agent to send a verification code to an email address under attacker control.
- Step 4: The attacker passes the code back to the agent.
- Step 5: The agent issues a password reset link, which the attacker can use to sign into the account.
Implications
The described sequence, if accurate, drastically lowers the bar for compromising an account that uses AI-assisted recovery. For users, this raises questions about the robustness of recovery workflows and the potential for abuse when an automated support channel is involved. For Meta, the episode underscores the need for rigorous checks around how codes are generated and delivered, and how password reset actions are authenticated when AI agents are in the loop.
What this means for users and the platform
- There is a heightened risk to accounts that rely on AI-supported recovery steps, particularly where verification can be initiated through remote agents.
- Security teams and platform operators may need to reassess how recovery codes are issued and how links for password resets are authenticated.
- Account owners should stay alert for unusual recovery activity and ensure strong, multi-factor protections where available.
Call to action
Meta employees and security teams are being urged to review how the AI support workflow handles verification codes and password reset requests. While the thread details an apparent vulnerability, it also serves as a reminder of the ongoing challenge of securing AI-assisted customer support channels without creating unintended entry points for attackers.
Closing note
This report, drawn from discussions on Hacker News – AI, highlights a potentially serious edge case in account recovery flows. As with many AI-assisted features, ongoing testing, robust authentication, and rapid incident response will be essential to prevent abuse and protect user accounts in real-world use.