Meta's AI support gets socially engineered, badly
A thread about Instagram account takeovers using Meta's own AI support system went viral on HN today. The exploit is embarrassingly simple: make your request look like it is coming from the right region, then tell the support AI the account is hacked and ask it to route verification codes to an arbitrary email. The AI complies. No technical sophistication required.
The pattern here is not that Meta is uniquely incompetent. It is that deploying AI in customer-facing support roles creates a new attack surface that social engineering, not code exploits, is perfectly suited to. The old model of support fraud required impersonating a human agent. The new model just requires knowing which phrases trigger compliance in a large language model. One commenter summarized it as 'Social engineering is all you need.'
This matters well beyond Meta. Any founder building AI-powered support, onboarding, or account recovery flows is building the same vulnerability. The AI does not have the contextual suspicion a human agent develops over time. It is optimized for helpfulness, and that optimization is precisely the exploit.
So what?
If you are shipping AI-powered support or account management, you need an adversarial review of your flows before you launch, not after an incident. Assume that any path where the AI can take a privileged action (resetting credentials, changing contact info, unlocking access) will be probed by bad actors who understand LLM psychology better than your average support ticket.
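One way to act on that review, as an added example that is not code from the thread or from any vendor: a deterministic gate that decides every tool call the support model proposes, using only account state and verification recorded by the auth service. The tool names, the `OOB_FACTOR` label and the sample accounts are hypothetical and constructed for illustration.

```python
from dataclasses import dataclass, field

# Hypothetical tool names for a support agent; none come from Meta or the thread.
PRIVILEGED = {"reset_credentials", "change_contact_email", "unlock_account"}
READ_ONLY = {"lookup_help_article"}
OOB_FACTOR = "code_confirmed_via_contact_on_file"

@dataclass
class Account:
    user_id: str
    emails_on_file: frozenset

@dataclass
class Session:
    claimed_user_id: str
    # Written only by the auth service, never by the model or the chat text.
    verified_factors: set = field(default_factory=set)

def authorize(tool, args, session, account):
    """Decide a model-proposed tool call. Conversation text is not an input."""
    if session.claimed_user_id != account.user_id:
        return False, "session does not match account"
    if tool in READ_ONLY:
        return True, "read-only"
    if tool == "send_verification_code":
        # Codes go only to contact points that were already on the account.
        if args.get("destination", "").lower() in account.emails_on_file:
            return True, "destination on file"
        return False, "destination not on file"
    if tool in PRIVILEGED:
        if OOB_FACTOR in session.verified_factors:
            return True, "out-of-band verified"
        return False, "no out-of-band verification"
    return False, "unknown tool"  # default deny

def demo():
    """Constructed tool calls, as an agent might propose after a persuasive chat."""
    acct = Account("u1", frozenset({"owner@example.com"}))
    s = Session("u1")
    calls = [
        ("send_verification_code", {"destination": "someone-else@example.net"}),
        ("change_contact_email", {"new_email": "someone-else@example.net"}),
        ("send_verification_code", {"destination": "Owner@Example.com"}),
    ]
    results = [authorize(t, a, s, acct) for t, a in calls]
    s.verified_factors.add(OOB_FACTOR)  # auth service confirmed the code
    results.append(authorize("reset_credentials", {}, s, acct))
    return results
```

Because the gate never reads the conversation, no phrasing that persuades the model changes its decision; denied calls are also a useful signal to log and alert on.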