AI Apps for Authors
Writing
NovelCrafter Sudowrite LivingWriter
View all →
Editing
ProWritingAid AutoCrit Marlowe
View all →
Audio
ElevenLabs Spoken KDP Virtual Voice
View all →
Artwork
Nano Banana Midjourney Adobe Firefly
View all →
Translation
ScribeShadow DeepL Translator Amazon Translate
View all →
Marketing
ManuscriptReport Publishing Performance Buffer
View all →
AI Chat
Claude ChatGPT Gemini
View all →

The AI Agent That Broke Meta's Security (and What It Means for the Rest of Us)

meta perspective ai-agents publishing
By Morgan Paige Published March 20, 2026
The AI Agent That Broke Meta's Security (and What It Means for the Rest of Us)

An AI agent at Meta went rogue last week, and the story would be funny if it weren’t so instructive. An engineer asked an internal AI agent to help analyze a technical question. The agent analyzed it, which is what it was supposed to do. Then it also posted its answer publicly on an internal forum, which is very much not what it was supposed to do. Another employee read that answer, trusted it, followed the advice. That advice was wrong, and it triggered a SEV1 security incident (the second-highest severity level Meta uses), giving employees unauthorized access to sensitive data for nearly two hours.

Meta says no user data was actually mishandled. They also pointed out that the AI “took no action aside from providing a response to a question.” Which is technically true in the same way that yelling “the door’s unlocked!” in a crowded room isn’t technically breaking and entering.

This was the second time in two months that an AI agent went sideways at Meta. The first time, an OpenClaw agent tasked with sorting someone’s inbox decided to just… start deleting emails.

Two incidents. Two months. The biggest social media company on the planet.

The agent problem is a trust problem

The whole pitch of AI agents is that they do things for you. Not just answer questions or draft text, but actually take action. Send the email. File the document. Run the code. Post the reply.

That gap between “answer my question” and “take action on my behalf” is enormous, and we are collectively sleepwalking across it.

When you ask ChatGPT to help you write a book blurb, the worst case scenario is a bad blurb. You read it, you fix it, you move on. But when you give an AI agent permission to do things (publish a post, manage your inbox, update a database), the worst case scenario is whatever that agent decides to do with access you gave it.

Meta’s spokesperson said the engineer who followed the bad advice should have “known better, or did other checks.” And yeah, sure. But that’s exactly the problem. The entire value proposition of agents is that they save you from having to check everything yourself. If your answer to “the agent gave bad advice” is “well, the human should have verified it,” then what exactly is the agent for?

This is not a Big Tech problem

I can already hear some of you thinking, “Cool, Meta has rogue AI agents. I’m an indie author trying to finish my cozy mystery series. How is this my problem?”

It’s your problem because the same agent architecture that broke Meta’s security is coming to every tool you use. It’s already there, in some cases. Zapier has AI agents. Google Workspace is building them in. If you use any writing tool with an “auto” anything feature, you’re already trusting software to take actions on your behalf.

Right now, the stakes for most authors are low. An AI agent that auto-posts a half-baked tweet is embarrassing, not catastrophic.

But the stakes are climbing fast.

  • An AI agent managing your email that responds to a reader or a publisher without your approval
  • A scheduling agent that books you for events based on invitations it misinterpreted
  • A marketing agent that changes your ad spend because it “optimized” something you didn’t ask it to optimize
  • A publishing agent that pushes a draft to KDP before you’ve finished your final read-through

None of these are science fiction. These are the logical next steps of tools that already exist.

The rule I keep coming back to

I’ve been using AI tools daily for over a year now, and I’ve landed on a principle that the Meta incident reinforces perfectly.

Let AI draft. Don’t let AI publish.

Every time I’ve gotten burned by an AI tool, it’s because I let it skip the step where I look at what it did before the world sees it. Every time. The drafting is where AI shines. The judgment call about whether to actually use the draft? That’s still yours.

This applies to writing, obviously. But it also applies to every agent-style tool that wants to take action for you. The question to ask before you enable any “auto” feature isn’t “can this tool do this?” It’s “am I okay with this tool doing this without asking me first?”

If the answer is “only if it gets it right,” you should probably keep the human checkpoint. Because it won’t always get it right. Meta, with its thousands of engineers and billions in AI investment, just proved that twice.

Meanwhile, OpenAI wants to be your everything app

In related (and much less dramatic) news, OpenAI is building a desktop “superapp” that merges ChatGPT, their Codex coding tool, and the Atlas browser into a single application. Fidji Simo, OpenAI’s CEO of Applications, said in an internal memo that product fragmentation “has been slowing us down.”

The timing is interesting. OpenAI has been on an expansion tear (Sora, hardware acquisitions, new product lines), and now they’re pulling back to consolidate. Simo literally told employees to stop getting “distracted by side quests.” (Same, Fidji. Same.)

For authors, this might actually be good news. A single, well-built app is easier to learn and use than five separate products. If OpenAI can make one desktop app that handles chat, code generation, and web browsing in a coherent way, that’s genuinely useful. The current state of having ChatGPT here, Codex there, and a separate browser somewhere else is clunky.

“Superapp” should make anyone a little nervous, though. The history of software companies trying to be everything to everyone is… not great. The best tools tend to do one thing exceptionally well. The “superapp” vision is the opposite of that.

We’ll see. I’m cautiously curious.

What to actually do with all this

If you’re an author using AI tools (and if you’re reading this site, you probably are), this is where I’d put my energy.

Audit your automations. If any tool you use takes actions without asking you first, make sure you actually want that. Check your Zapier zaps, your auto-responders, your scheduled posts. If something is set to “auto,” make sure you understand what “auto” means in that specific context.

Keep humans in the loop for anything public-facing. Draft with AI. Brainstorm with AI. But before anything goes out to readers, to your publisher, to your mailing list, to Amazon, put your eyes on it. Every single time.

Don’t confuse confidence for accuracy. The Meta agent didn’t say “I’m not sure about this.” It posted its answer like it knew what it was talking about. Every AI tool does this. The confident tone is a feature of how these models generate text, not evidence that they’re right.

Stay curious, stay cautious. These tools are getting more capable every month. That’s exciting, and it’s also exactly why the guardrails matter. The more powerful the tool, the more damage it can do when it goes sideways.

Meta’s got the resources to clean up a SEV1 incident before lunch. Most of us don’t. :)

Sources