Media reports suggest a potential vulnerability in the AI-powered support assistant used by Instagram.

According to preliminary information, attackers may have exploited the AI-driven account recovery workflow to take over user accounts.

Meta had previously announced plans to expand AI-powered support for Facebook and Instagram. These assistants are intended to accelerate the handling of user requests, including access issues, account recovery, and profile settings, which may have introduced the reported risk.

According to unverified public reports, attackers were allegedly able to manipulate the bot's conversation flow by specifying a target Instagram profile and initiating account recovery actions, confirmation code delivery, and email address changes without verification from the legitimate account owner. Some reports also suggested the possibility of bypassing two-factor authentication, although the exact attack mechanism has not been publicly disclosed.

At this time, media reports indicate that the vulnerable workflow has been addressed. However, Meta has not released an official statement.