Instagram-style chat showing an attacker asking Meta AI to link a new email to @jane_w — the bot complies without verifying the original owner

Meta's Instagram AI Bot Proved the Rule: Every Capability Is an Attack Surface

On June 1, 2026, app researcher Jane Manchun Wong woke up to find her Instagram account compromised overnight. So did the operators of @obamawhitehouse, @hey, @jowo (combined street value: over $1 million), an official Sephora account, and a U.S. Space Force Chief Master Sergeant’s profile. The attacker didn’t exploit a zero-day or breach Meta’s databases. They asked politely. In plain English. To an AI chatbot.

The Attack Chain

Meta’s AI-powered account support assistant had write access to Instagram’s email-binding and password-reset APIs — enough to do its job of helping users recover locked accounts. The attack required nothing exotic: ...

June 2, 2026 · 7 min · PCI Oasis

Setting Up Workload Identity Federation: An Agent-Assisted Rollout

Part 2 of 2 — Implementation

Part 1 explained the concepts and the three decisions you need to make: where the WIF pool lives, whether to use branch or environment conditions, and who approves production deploys. This post walks through the actual rollout using an AI coding agent (Claude Code) to examine your existing infrastructure, propose a plan, and execute it step by step — with you reviewing and approving at every decision point. The agent handles the mechanical work. You make the security decisions. ...

April 15, 2026 · 10 min · Kesten Broughton