Meta's Instagram AI Bot Proved the Rule: Every Capability Is an Attack Surface
On June 1, 2026, app researcher Jane Manchun Wong woke up to find her Instagram account compromised overnight. So did the operators of @obamawhitehouse, @hey, @jowo (combined street value: over $1 million), an official Sephora account, and a U.S. Space Force Chief Master Sergeant’s profile. The attacker didn’t exploit a zero-day or breach Meta’s databases. They asked politely. In plain English. To an AI chatbot. The Attack Chain Meta’s AI-powered account support assistant had write access to Instagram’s email-binding and password-reset APIs — enough to do its job of helping users recover locked accounts. The attack required nothing exotic: ...