If you think that a given AI platform is safe because it's backed by a multi-billion dollar company, well, think again. A man who managed to find a security bug on Meta's AI platform was rewarded with $10,000 by Zuck and co.
Meta has recently resolved a critical security flaw that exposed private prompts and AI-generated responses from its Meta AI chatbot to other users, according to a report by TechCrunch. The issue was discovered by Sandeep Hodkasia, founder of security testing firm AppSecure, who reported the vulnerability back in December 2024. For his disclosure, Meta awarded him $10,000 through its bug bounty program (if you happen to find anything, don't hesitate to report it).
The company confirmed that the bug is now patched, and stated that there was no evidence of malicious exploitation. However, that should ring a bell for everyone who uses AI without a second thought. I won't be the one who tells you to avoid AI like the plague, but one should definitely act cautiously. A line of code could cost you dearly.
Hodkasia uncovered the flaw while examining how Meta AI lets logged-in users edit prompts to regenerate responses. He noticed that each edited prompt was assigned a unique identifier by Meta's back-end systems. By intercepting network traffic during this process, he realized that altering the identifier allowed access to other users' prompts and responses. The problem stemmed from Meta's failure to validate whether a user was authorized to view a given prompt. According to Hodkasia, the identifiers were predictable, which could have enabled attackers to automate the process and collect sensitive user inputs at scale.
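The missing check described above, reduced to a minimal sketch as an added example (not Meta's code and not from the original report). The function names, the in-memory store and the sample records are assumptions constructed for illustration; the sketch puts the unchecked lookup beside one that enforces ownership, issues unguessable identifiers and counts rejected lookups.

```python
import secrets
from collections import Counter

# Constructed sample data: prompt records keyed by ID, each with an owner.
PROMPTS = {
    "1001": {"owner": "alice", "prompt": "draft my resignation letter", "response": "..."},
    "1002": {"owner": "bob", "prompt": "explain my lab results", "response": "..."},
}
DENIED = Counter()  # per-user count of rejected lookups, for alerting


class Forbidden(Exception):
    pass


def get_prompt_unchecked(session_user, prompt_id):
    """The flawed pattern: any logged-in user gets any record by ID."""
    return PROMPTS.get(prompt_id)


def get_prompt_checked(session_user, prompt_id):
    """Return the record only if the session user owns it."""
    record = PROMPTS.get(prompt_id)
    # Same error for "missing" and "not yours", so replies do not reveal valid IDs.
    if record is None or record["owner"] != session_user:
        DENIED[session_user] += 1
        raise Forbidden("prompt not found")
    return record


def new_prompt_id():
    """Unguessable ID (defence in depth, not a substitute for the check)."""
    return secrets.token_urlsafe(16)


def create_prompt(session_user, prompt):
    prompt_id = new_prompt_id()
    PROMPTS[prompt_id] = {"owner": session_user, "prompt": prompt, "response": ""}
    return prompt_id


def users_over_denial_threshold(threshold=3):
    """Users whose rejected lookups suggest identifier probing."""
    return sorted(user for user, count in DENIED.items() if count >= threshold)
```

The ownership comparison is the actual fix; random identifiers and the denial counter only make probing harder to do and easier to notice.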
The discovery comes amid broader criticism of Meta AI's privacy practices. Since the launch of its stand-alone app earlier this year, users have inadvertently exposed private conversations by misunderstanding sharing options. The app includes a feature allowing users to share interactions publicly, but many appear unaware that they are posting personal queries, images, and even audio clips for public viewing. Some of these slip-ups have revealed highly sensitive details, from questions about financial crimes and legal troubles to personal data like home addresses. Yikes!
Despite the company's heavy investment in AI, the Meta AI app has seen limited adoption, with about 6.5 million downloads since its April 29 release, according to app analytics firm Appfigures.
Well, nothing is perfect, but a couple more bugs like that and Meta will have to find a new name for the platform. Like Google did with Bard, which is now called Gemini.
Sebastian, a veteran tech writer with over 15 years of experience in media and marketing, blends his lifelong fascination with writing and technology to provide valuable insights into the realm of mobile devices. Embracing the evolution from PCs to smartphones, he harbors a special appreciation for the Google Pixel line due to their superior camera capabilities. Known for his engaging storytelling style, sprinkled with rich literary and film references, Sebastian critically explores the impact of technology on society, while also perpetually seeking out the next great tech deal, making him a distinct and relatable voice in the tech world.