A security flaw in Instagram’s AI-powered support chatbot has allowed hackers to take control of user accounts, including several high-profile profiles, raising fresh concerns about the risks of relying on artificial intelligence for sensitive account recovery processes.
According to reports, the attackers did not directly breach Meta’s core systems. Instead, they exploited weaknesses in the decision-making process of the company’s AI support tool, manipulating the chatbot into resetting users’ account credentials without properly verifying their identities.
Among the accounts reportedly affected were profiles associated with the Obama-era White House Instagram page, the beauty retailer Sephora, and a senior United States Space Force official.
Cybersecurity experts said the attackers relied on a technique known as prompt injection, which involves manipulating an AI system through carefully crafted instructions. The hackers also reportedly used VPN services to mimic the location of targeted account holders, helping them bypass certain security checks.
Once inside Instagram’s account recovery process, the attackers allegedly persuaded the chatbot to link new email addresses to targeted accounts.
Verification codes were then sent to the newly added email addresses, allowing password resets to be completed and account control to be transferred.
The incident has sparked alarm among security researchers and affected users.
Former Meta employee and security researcher Jane Manchun Wong revealed that her own Instagram account was targeted during the attacks.
“Quite concerning,” she wrote in a post on X while describing repeated password reset attempts and a temporary lockout before she was eventually able to regain access to her account.
Social media discussions also revealed similar experiences among other users, some of whom reported being locked out of their accounts without warning. Others criticized the lack of accessible human support during the recovery process, saying it made regaining access significantly more difficult.
Meta has since confirmed that the vulnerability has been fixed.
Company spokesperson Andy Stone said affected accounts have been secured and the flaw has been addressed.
“This issue has been resolved and we are securing impacted accounts,” Stone stated.
He also rejected claims that accounts belonging to world leaders had been compromised, describing such reports as “totally false.”
However, reports indicate that an account linked to the Obama-era White House page briefly published content before it was recovered. The account has reportedly remained inactive since 2017.
Meta launched its Instagram AI support chatbot in March 2026 as part of efforts to automate account recovery and reduce dependence on human support teams, an area where users have long complained about slow response times and limited assistance.
The latest incident, however, has intensified debate about the growing role of artificial intelligence in handling sensitive user functions.
Security specialists argue that the problem is not necessarily the AI itself, but the level of authority granted to automated systems.
Brian Westnedge, Vice President of Alliances and Partnerships at cybersecurity firm Red Sift, described the issue as a structural design failure.
“This is a foundational architecture failure. The model was given privileged actions without privileged access controls,” he said.
According to Westnedge, the incident also reflects the challenges facing technology companies that are aggressively expanding AI capabilities while simultaneously reducing staffing levels.
Cybersecurity experts have warned that prompt injection attacks have become an increasingly common threat since the rise of generative AI systems and chatbots.
Cliff Steinhauer, Director of Information Security and Engagement at the National Cybersecurity Alliance, said organizations must carefully control what actions AI systems are permitted to perform.
“The concern isn’t necessarily AI itself, but whether adequate safeguards exist around what the AI is authorised to do,” he explained.
Engin Kirda, a professor at Northeastern University, noted that cybercriminals are increasingly shifting their focus away from individual victims and toward the automated systems acting on their behalf.
“In the past, people were targeted by scams. Now, we are seeing agents being targeted by scams,” he said.
The reports also triggered concern among investors.
Meta’s shares reportedly fell more than five percent following news of the vulnerability as investors weighed the implications for the company’s ambitious artificial intelligence strategy and growing AI expenditure, which is projected to reach as much as $145 billion.
While Meta says the affected accounts have been secured and the vulnerability patched, the company has not disclosed detailed technical information about how the exploit worked.
For many observers, the incident serves as another reminder that as artificial intelligence takes on greater responsibility across digital platforms, security safeguards must evolve just as quickly to prevent automated systems from becoming new points of attack.
