https://blog.pcioasis.com/tags/least-privilege/Recent content in Least-Privilege on PCI Oasis BlogHugoen-usTue, 02 Jun 2026 00:00:00 +0000https://blog.pcioasis.com/posts/llm-security/meta-instagram-ai-excessive-agency/Tue, 02 Jun 2026 00:00:00 +0000https://blog.pcioasis.com/posts/llm-security/meta-instagram-ai-excessive-agency/Meta's Instagram AI support bot handed attackers $1M+ in premium accounts because it had write access to authentication APIs and no confirmation gate. The fix is architectural: treat every AI capability as attack surface and apply least privilege before you ship.