The Risk of Agentic AI: A Story of Meta's AI Agent Data Leak
What happens when an AI agent goes rogue in a security-critical environment?
Meta recently experienced exactly that scenario when a Sev 1 cybersecurity incident was triggered after an internal AI agent exposed sensitive, user-related data to engineers without the appropriate permissions.
While Meta maintains that “no user data was mishandled,” the episode underscores a growing cyber risk: the intersection of autonomous AI systems with privileged access and insufficient oversight.
“It’s tempting to treat AI agents as trusted work companions – these systems often offer helpful advice and seem like a safe platform to confide in,” says Mark McClain, Founder and CEO of SailPoint.
“But without strong governance, they can introduce serious vulnerabilities into even the most secure environments,” he adds.
“That’s because AI agents can operate independently and learn, adapt and interact in ways that are often hard to predict.
“In fact, 80% of organisations report that their AI agents have already performed unauthorised actions, including accessing and sharing sensitive information.
“Rogue agents introduce a whole host of third-party risks which could manifest into multi-million pound losses.
“To bring AI agents under control, organisations need to introduce technology that governs access rights for digital identities in the same way they would humans.
“Identity security tools can ensure agent access remains contextual and precise, granted when appropriate and aggressively revoked when not. This is critical for responsible, secure and scalable adoption of AI agents.”
How did the AI agent leak data?
As reported by The Information, it all started when a software engineer at Meta posted a technical query in an internal discussion forum.
Another employee turned to an in-house AI agent to analyse the issue.
Instead of simply returning a private response, the agent autonomously posted its analysis back into the forum without approval, effectively bypassing expected controls.
When the original engineer implemented the AI-generated guidance, the situation escalated, exposing sensitive data for nearly two hours and highlighting how quickly misconfigurations can translate into real cyber incidents.
“The issue at the heart of this incident isn’t that an AI agent gave inaccurate technical advice. Such scenarios are a common, well-understood risk that applies to any LLM-driven system given their probabilistic, non-deterministic nature,” says Salvatore Gariuolo, Senior Threat Researcher at TrendAI, a business unit of Trend Micro.
“The concern is that a Meta employee relied on AI output without questioning it.
“This speaks to a growing vulnerability that’s common across all enterprises rolling out AI agents today; as users grow accustomed to these systems, trust increases and people stop inspecting the assistant's output themselves. Content starts to feel ‘legit’ just because the system delivered it.”
Humans in the loop for cyber resilience
As large technology organisations restructure around AI-driven efficiencies, this incident exposes what Salvatore describes as a “Catch-22” for agentic AI in cybersecurity.
“Agents need permissions to be useful. But privileged access to corporate resources puts agents in a position to carry out problematic actions like that seen in the Meta issue,” he says.
“It’s not realistic to expect enterprises to cut off AI agents from privileges and therefore cap their usefulness in response.
“Instead, we need to keep humans in the loop, ensuring the assistant behaves as intended, especially before sensitive actions, while also educating users to review and verify its outputs.
“The processes and frameworks to put this positive behaviour and governance into place need to move as fast as AI adoption.”
Building secure-by-design AI agents, embedding zero-trust principles, and implementing robust AI governance architectures, while maintaining continual human oversight, is fast becoming essential.
As organisations integrate thinking agents deeper into their workflows, cyber resilience will depend not just on innovation, but on control, visibility and accountability at every layer.
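As an added illustration (not code from the article, Meta, SailPoint or Trend Micro) of the two mitigations quoted above, scoped and short-lived agent access plus a human approval step before sensitive actions, the following Python gateway replays the article's sequence using constructed agent, thread and reviewer identifiers: the agent may read the thread, but posting its analysis back into the forum is blocked until a named reviewer approves it, and every decision is logged for later review.

```python
from dataclasses import dataclass, field
from time import time

# Constructed policy (not Meta's): actions that can disclose data to people who
# lack permission, so they need a named human approver before they run.
SENSITIVE_ACTIONS = {"post_to_forum", "read_user_data"}

@dataclass
class Grant:
    action: str
    scope: str         # the one thread or dataset the grant is limited to
    expires_at: float  # short-lived; never an open-ended standing privilege

@dataclass
class ToolGateway:
    grants: dict = field(default_factory=dict)  # agent_id -> list[Grant]
    audit: list = field(default_factory=list)   # every decision, allow or deny

    def grant(self, agent_id, action, scope, ttl_s, now=None):
        now = time() if now is None else now
        self.grants.setdefault(agent_id, []).append(Grant(action, scope, now + ttl_s))

    def authorize(self, agent_id, action, scope, approved_by=None, now=None):
        now = time() if now is None else now
        live = [g for g in self.grants.get(agent_id, []) if g.expires_at > now]
        self.grants[agent_id] = live  # expired grants are dropped, not just ignored
        if not any(g.action == action and g.scope == scope for g in live):
            return self._decide(agent_id, action, scope, "deny: no grant for this scope")
        if action in SENSITIVE_ACTIONS and not approved_by:
            return self._decide(agent_id, action, scope, "deny: human approval required")
        return self._decide(agent_id, action, scope, f"allow: {approved_by or 'routine'}")

    def _decide(self, agent_id, action, scope, decision):
        self.audit.append((agent_id, action, scope, decision))
        return decision.startswith("allow")

def replay_incident(now=1000.0):
    """Constructed replay: reading the thread is routine, posting back needs a human."""
    gw = ToolGateway()
    gw.grant("helper-agent", "read_thread", "thread/1234", ttl_s=600, now=now)
    gw.grant("helper-agent", "post_to_forum", "thread/1234", ttl_s=600, now=now)
    a = "helper-agent"
    return [
        gw.authorize(a, "read_thread", "thread/1234", now=now),                          # True
        gw.authorize(a, "post_to_forum", "thread/1234", now=now),                        # False: unapproved
        gw.authorize(a, "post_to_forum", "thread/1234", "eng-reviewer", now=now),        # True
        gw.authorize(a, "post_to_forum", "thread/9999", "eng-reviewer", now=now),        # False: out of scope
        gw.authorize(a, "post_to_forum", "thread/1234", "eng-reviewer", now=now + 601),  # False: expired
    ], gw.audit
```

The audit list is the part a security operations team would forward to their SIEM: a denied "human approval required" entry is exactly the signal that an agent attempted a disclosure-capable action on its own.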