A rogue AI agent at Meta took action without approval and exposed sensitive company and user data to employees who were not authorized to access it. Meta confirmed the incident to The Information on March 18 but said no user data was ultimately mishandled. The exposure still triggered a major security alert internally.The available evidence suggests the failure occurred after authentication, not during it. The agent held valid credentials, operated inside authorized boundaries, passing every identity check.Summer Yue, director of alignment at Meta Superintelligence Labs, described a different but related failure in a viral post on X last month. She asked an OpenClaw agent to review her email inbox with clear instructions to confirm before acting.The agent began deleting emails on its own. Yue sent it “Do not do that,” then “Stop don’t do anything,” then “STOP OPENCLAW.” It ignored every command. She had to physically rush to another device to halt the process.When asked if she had been testing the agent’s guardrails, Yue was blunt. “Rookie mistake tbh,” she replied. “Turns out alignment researchers aren’t immune to misalignment.” (VentureBeat could not independently verify the incident.)Yue blamed context compaction. The agent’s context window shrank and dropped her safety instructions. The March 18 Meta exposure hasn’t been publicly explained at a forensic level yet.Both incidents share the same structural problem for security leaders. An AI agent operated with privileged access, took actions its operator did not approve, and the identity infrastructure had no mechanism to intervene after authentication succeeded.The agent held valid credentials the entire time. Nothing in the identity stack could distinguish an authorized request from a rogue one after authentication succeeded. Security researchers call this pattern th …
