Meta’s rogue AI agent passed every identity check — four gaps in enterprise IAM explain why
Louis Columbus March 19, 2026 VentureBeat created with Imagen A rogue AI agent at Meta took action without approval and exposed sensitive company and user data to employees who were not authorized to access it. Meta confirmed the incident to The Information on March 18 but said no user data was ultimately mishandled. The exposure still triggered a major security alert internally.The available evidence suggests the failure occurred after authentication, not during it. The agent held valid credentials, operated inside authorized boundaries, passing every identity check.Summer Yue, director of alignment at Meta Superintelligence Labs, described a different but related failure in a viral post on X last month. She asked an OpenClaw agent to review her email inbox with clear instructions to…
