| ▲ | Cyan488 5 hours ago |
| > "The tool itself worked properly and functioned as intended; however due to a bug in a separate code path, the system did not properly verify that the email address provided by the individual requesting a password reset matched the email address associated with that user’s Instagram account," said Meta in its breach notice. I'm not sure "worked properly" and "as intended" accurately describe this situation. |
|
| ▲ | vb-8448 4 hours ago | parent | next [-] |
| In Italian we say "l'operazione è riuscita perfettamente, ma il paziente è morto" -> "the surgery was a complete success, but the patient died" |
| |
| ▲ | embedding-shape 4 hours ago | parent | next [-] | | Both this and what Meta said remind me of "Clarke and Dawe - The Front Fell Off" (https://www.youtube.com/watch?v=3m5qxZm_JqM) I also can't believe the people who were involved with writing this response from Meta didn't realize how obviously bad it sounds. It's like there is no humans working and writing there anymore. | | |
| ▲ | vb-8448 3 hours ago | parent | next [-] | | > It's like there is no humans working and writing there anymore. Don't know if AI is to blame, but I used to see these kinds of nonsense post-mortems even in the pre-LLM era, and it's always due to some internal fighting ongoing between various departments. | |
| ▲ | rothfuss 4 hours ago | parent | prev | next [-] | | I was reminded of the Murray Walker quote. “There's nothing wrong with the car except it's on fire” | | |
| ▲ | lelandfe 3 hours ago | parent | next [-] | | My dad says, "But other than that, Mrs. Lincoln, how was the play?" (Usually said jocularly when everyone is at their most upset, e.g. a vacation ruined) | | |
| ▲ | RRWagner 3 hours ago | parent | next [-] | | A friend said at one of those moments, "And other than that, how was the play Mrs Lincoln?" And the 3rd person replied, "I don't know, I've never seen the play 'Mrs Lincoln'" | |
| |
| ▲ | maxall4 22 minutes ago | parent | prev [-] | | “The strait of Hormuz is open so long as Iran does not fire missiles at ships.” |
| |
| ▲ | prinny_ 3 hours ago | parent | prev [-] | | Does it matter if the response is tone deaf or simply misguided? I am a bit nihilistic here, but in one week absolutely nobody will be talking about this. Are the affected individuals going to abandon Instagram? Are people going to reduce their usage out of concern for the safety of their accounts? Nothing will happen, hence there is no need for actual humans writing a good, well intended response. | | |
| ▲ | vb-8448 3 hours ago | parent [-] | | > Does it matter if the response is tone deaf or simply misguided? I agree with you that in a week nobody will be talking any more, but I'm pretty sure it's a GDPR data breach, and they can have some trouble within the EU. Yeah, they probably don't give a fu.. about EU, but if the response doesn't matter at all why did they spend time on it? |
|
| |
| ▲ | raffael_de 4 hours ago | parent | prev [-] | | "operation successful, patient dead." |
|
|
| ▲ | ChuckMcM 2 hours ago | parent | prev | next [-] |
| Read that as "worked as written" and "we disclaim any consequential or incidental damages and do not warrant this software." I continue to believe we could fix a lot of things in the US if we updated the UCC[1] to disallow 'disclaiming liability on software used in a product.' [1] Universal Commercial Code -- https://www.law.cornell.edu/ucc |
| |
| ▲ | jjmarr 2 hours ago | parent [-] | | I've always wanted to expose myself to unlimited legal liability by distributing open source software. | | |
| ▲ | Terr_ an hour ago | parent | next [-] | | That seems like a false-dichotomy between two extremes when there's all sorts of space in the middle... It's also assuming developer-to-developer tools would have the same rules and exposure as in service-to-consumer. If I sell a physical motor (let alone plans for one) I'll have some liability for things like it Not Exploding. If someone buys a dozen of those motors to assemble a tragically unsafe "rollercoaster" of their own design and construction, I'm almost certainly not responsible for any terrifying decapitations. In other words, most of the world already does not rely on the issuance of "Get Out Of Infinite Liability Free" cards. | | |
| ▲ | ChuckMcM an hour ago | parent [-] | | Exactly this. (and it is a false dichotomy to argue infinite liability). To Terr_'s point, if you were publishing open source you would also publish exactly the things you intended it to be used for and anything else would violate your warranty (possibly implied) that it does what the documentation says it does. There is a huge amount of tort law that covers exactly when it becomes a problem for you the creator vs you the user in your own project. And that liability is also based on once you know something bad could happen you make an effort to notify people[1]. [1] https://www.cpsc.gov/Newsroom/News-Releases/2026/Clorox-Agre... | | |
| ▲ | Ajedi32 40 minutes ago | parent [-] | | Software can be copied infinitely, so even $1 of liability is effectively infinite since an unlimited number of people can potentially use it and sue you when it blows up. Nobody's going to be distributing software on the internet for free if the cost of insurance alone precludes that. | | |
| ▲ | ChuckMcM 31 minutes ago | parent [-] | | This is not how liability works, anywhere. So I write a piece of code that "makes your screen do cool things" and it causes the power supply to fail on those screens. Someone reports that bug to me and I check it out and say "Oh, shit it does break power supplies." Then I immediately put a notice on and in the code that says "WARNING: This code will break the power supply of your monitor." And I put that warning in the repo. And if there is a Discord or a mailing list I tell everyone "Hey, this is important, if you run this code it can break your monitor." Guess what, I'm not liable for the damage. Why? Because I immediately responded once I knew that it could, I made a good effort to warn people who might already have the code of the risk, and I made it clear in the code that this risk is there. Ever wonder why you get a booklet of warnings when you buy a product with even really stupid things like "Don't clean with gasoline" warnings? That's because once you have discharged your duty to warn you are no longer liable for what happens if someone ignores your warning. The flip side is also true, you cannot say in your product both "Hey this product does these cool things" and "We don't warrant the product to actually do anything." This is especially true if there is money involved (like your user paid you some $ for the product.) There is always an implied warranty that the thing will do what you say it will do, which exists as long as the user has heeded all your warnings. | | |
| ▲ | aleqs 7 minutes ago | parent [-] | | There's a pattern I noticed, especially on this site, where people claim various VC/ad/tech dark patterns, enshittification, privacy violations, dishonest marketing, etc MUST be allowed, otherwise open source or 'the internet' will face some sort of existential risk. No bro - open source and the internet existed long before SV tech parasitism did and will exist long after. |
|
|
|
| |
| ▲ | ncallaway an hour ago | parent | prev [-] | | Would that be software used in a product? I don't think that would qualify? |
|
|
|
| ▲ | nkrisc 5 hours ago | parent | prev | next [-] |
| The tool worked correctly and as intended, but due to a bug it did not work correctly nor as intended. |
| |
| ▲ | thih9 4 hours ago | parent | next [-] | | To be fair, that quote in the original article could have more context. By "The tool" they meant "AI-assisted support tool"[1]; perhaps they meant that the issue was not an AI hallucination inherent of the tool, but a fixable bug. [1]: https://www.documentcloud.org/documents/28202858-meta-ai-ag-... | | |
| ▲ | nvme0n1p1 4 hours ago | parent [-] | | In that case, the statement is so meaningless as to be useless. Why should we care how Meta splits up their microservices? The tool still failed. They just want to redefine the "tool" as something else, anything else, to avoid having to admit something negative about their precious AI. > The LLM correctly generated tokens according to user input, however due to a bug in a separate code path, the system did not properly verify the email address > Nginx correctly handled the user requests according to the HTTP standard, however due to a bug in a separate code path, the system did not properly verify the email address | | |
| ▲ | csallen 3 hours ago | parent [-] | | I mean, I think many of us are curious and enjoy hearing more details about how and where bugs like this occur. What's wrong with that? | | |
| ▲ | nvme0n1p1 3 hours ago | parent | next [-] | | I'd love to read a proper technical post-mortem, but this obviously isn't it. It's a carefully-worded statement from a lawyer meant to minimize liability and reputational damage to the company. | |
| ▲ | albedoa an hour ago | parent | prev [-] | | There is nothing wrong with that, and nobody is saying there is. In fact, it is exactly what is being requested here! |
|
|
| |
| ▲ | theptip 4 hours ago | parent | prev | next [-] | | Sounds like they are saying the agent did not malfunction, and this vuln could have been triggered by a human support agent too. | | |
| ▲ | mikeocool 2 minutes ago | parent | next [-] | | Kind of interesting that LLMs are basically being sold as having “human-like” reasoning capabilities, but in this case when “obamawhitehouse” asked to have its password reset sent to bob12345667@gmail.com the LLM didn’t question it and just triggered the process that happened to have a bug. Human support agents certainly fall prey to social engineering all the time, but I can’t think of a case where it was done on this scale so easily. | |
| ▲ | dd8601fn 17 minutes ago | parent | prev | next [-] | | I think they’re blaming a tool function so as not to admit the overall agent process was shit. But it’s irrelevant, outside of PR. We know at least THREE bad components to this process and they were constituent parts. | |
| ▲ | trehalose 4 hours ago | parent | prev [-] | | It probably could have been, but how likely is that compared to with the AI agent? I'd assume (and I'm ready to look like an idiot if I'm wrong) that the humans are trained to send the verification code to the email address on file, rather than any address the client asks them to. I'd certainly assume most of them are more afraid of the consequences than the AI is. |
| |
| ▲ | TZubiri 4 hours ago | parent | prev [-] | | I get the joke, but it's a relevant nuance that the new code, the chatbot, did not have 'the bug'. I still think that the mistake and head that should roll should be the one that published the chatbot. But it's important to acknowledge that there was a 'bug' in an underlying tool and not in the chatbot, and still PIP/fire those responsible for publishing the chatbot and exposed an otherwise internal tool to the public, and not those that introduced the 'bug' to an internal tool. |
|
|
| ▲ | nico 5 hours ago | parent | prev | next [-] |
| That sounds a lot like the justifications Claude and ChatGPT give when confronted about something they did wrong, or when asked to provide a customer support response about software issues |
| |
| ▲ | dmoose 4 hours ago | parent [-] | | I've lost track of the number of times Claude has basically said "it was like that when i got here" in the face of a clearly bogus choice and easily disproved explanation. | | |
| ▲ | Chu4eeno an hour ago | parent | next [-] | | You need to hit the retry/regenerate button more, it's there for a reason. While the "stochastic parrots" thing is a bit overblown, IME most LLMs tend to give surprisingly different responses even without changing the context, especially if they're hallucinating or doing something "wrong". | |
| ▲ | AlienRobot 3 hours ago | parent | prev [-] | | They should add a feature called "auto-really" that just automatically says "really?" after the chatbot answers a question to check if it's going to 180 upon this tiniest bit of scrutiny. | | |
| ▲ | lou1306 2 hours ago | parent [-] | | You joke but this is almost literally what Chain-of-Thought does, at least in the early days. They basically just added "Wait," to the model's output and fed it back to the model iirc |
|
|
|
|
| ▲ | Cpoll 5 hours ago | parent | prev | next [-] |
| The argument here is that the AI is a glorified input page. The input field asks for your username and email and sends it to a backend function. Such an input page is working as intended. The problem is when the backend function doesn't verify that the email matches the username. |
| |
| ▲ | dgoldstein0 4 hours ago | parent | next [-] | | Why on earth would the backend function even take an email? Or perhaps said different: use the submitted info to identify the account; send any sensitive messages (recovery codes, password resets whatever) to only the contact info on file. If the chat bot can send such email it should do so via an API that sends only to contact info on file for the associated account and not to an email that's provided by the bot. | | |
| ▲ | duskwuff 4 hours ago | parent [-] | | > Why on earth would the backend function even take an email? In principle, it could be designed to do so to handle cases where a new email address has been confirmed out of band, e.g. for an account representing a company or a political office. But that's a relatively unusual situation, not something you'd want to be available to every user writing in. (Even if you had an all-human support department, this sort of functionality would only be available to a select few agents.) |
| |
| ▲ | jgalt212 5 hours ago | parent | prev | next [-] | | Fair enough. Never trust client-submitted browser form, but always trust LLM-submitted form. | |
| ▲ | lou1306 2 hours ago | parent | prev [-] | | If the backend function was so poorly coded to allow such a gargantuan security hole, then it is an even worse problem. Basically Meta is throwing its own engineers under the bus so that its AI chatbot can save face. Scary stuff. Unless the backend was _also_ vibe-coded, in which case it is still an AI problem. |
|
|
| ▲ | RobRivera 5 hours ago | parent | prev | next [-] |
| Oh it was a downstream dependency. The tool worked, it was the downstream dependency. Glory to Arstotszka |
| |
|
| ▲ | ofjcihen 5 hours ago | parent | prev | next [-] |
| Maybe they’re communicating exactly what it sounds like and are just owning up to being complete morons? |
|
|
| ▲ | az226 an hour ago | parent | prev | next [-] |
| I'm sure. It was not working properly nor as intended. |
|
| ▲ | ludwik 5 hours ago | parent | prev | next [-] |
| I like to dunk on Meta as much as the next guy, but I think this makes sense: deterministic verification like this is not, and should never be, the LLM’s job. The tools it has access to should enforce the permissions layer, ensuring that the LLM can never perform actions the user themselves should not be allowed to perform. In this case, the tool failed to do that. |
| |
| ▲ | TZubiri 4 hours ago | parent | next [-] | | >deterministic verification like this is not, and should never be, the LLM’s job. But when humans handled it, this was not as much as a problem. That is, the humans did the job, because they recognized the need to do that job. Sure sometimes accounts could get recovered if a human was tricked, but evidently it was easier to trick the LLM en masse than humans. | | |
| ▲ | ajross 4 hours ago | parent [-] | | > But when humans handled it, this was not as much as a problem. In fact it's arguably a feature. The ability of support staff to short-circuit nitpicky rules when there's an obvious external validation happening (e.g. you're on the phone with a user who's presenting ID in real time and correlating it with previous use of the account, etc...) makes for better data quality and happier customers. Obviously, yes, you can then human-engineer an authentication breach. But that was very difficult, because people are "common-sense careful" in a way we haven't been able to tease out of AI yet. |
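
The design dgoldstein0 and ludwik argue for above (the tool, not the LLM, decides where a reset message goes), sketched next to the unverified form the breach notice describes. This is an added example, not code from the thread or from Meta; every name in it (`ACCOUNTS`, `reset_unverified`, `reset_on_file_only`, `recipients_for`) is hypothetical and the accounts are constructed sample data.

```python
import hmac
import secrets

# Constructed sample data: account name -> e-mail address on file.
ACCOUNTS = {"alice": "alice@example.com", "bob": "bob@example.org"}
OUTBOX = []  # (recipient, message) pairs; stands in for a real mail sender

GENERIC_REPLY = "If the details match an account, a reset link was sent to its address on file."


def _normalize(email):
    return email.strip().lower()


def reset_unverified(username, email):
    """The flaw as the notice describes it: the caller-supplied address is the
    destination and is never compared with the account's own address."""
    if username in ACCOUNTS:
        OUTBOX.append((email, f"reset link for {username}"))
    return GENERIC_REPLY


def reset_on_file_only(username, claimed_email=None):
    """Hardened tool: the destination always comes from the account record.
    A claimed address can only veto the request, never redirect it."""
    on_file = ACCOUNTS.get(username)
    if on_file is None:
        return GENERIC_REPLY  # same reply, so the tool does not confirm accounts
    if claimed_email is not None and not hmac.compare_digest(
        _normalize(claimed_email).encode(), _normalize(on_file).encode()
    ):
        return GENERIC_REPLY  # mismatch: send nothing, reveal nothing
    token = secrets.token_urlsafe(32)
    OUTBOX.append((on_file, f"reset link for {username}: token={token}"))
    return GENERIC_REPLY


def recipients_for(tool, username, email):
    """Run one request through a tool and return the list of addresses mailed."""
    OUTBOX.clear()
    tool(username, email)
    return [to for to, _ in OUTBOX]
```

Because the check lives in the tool, it holds whether the caller is a chatbot, a web form or a human agent, and `recipients_for` gives the regression test a single value to assert on.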
| |
|
|
| ▲ | stephenhuey 2 hours ago | parent | prev | next [-] |
| What was that mantra? Something about broken software is what they aim for? |
|
| ▲ | teaearlgraycold 2 hours ago | parent | prev | next [-] |
| > The tool itself worked properly and functioned as intended The author of the post is close to the author of the AI code on the org chart > however due to a bug in a separate code path, the system did not properly verify The author of the post is far from the author of this "code path" on the org chart |
|
| ▲ | totetsu 5 hours ago | parent | prev | next [-] |
| Then ‘The tool itself’ was not appropriate to the job in the first place |
|
| ▲ | laweijfmvo 5 hours ago | parent | prev | next [-] |
| so how long was the bug there? was there a way to access it before/without the support agent? it feels like Meta will throw anything under the bus to redirect blame from the AI, because that would be the end of their $600B (depending on “which number you want to go with”) experiment |
|
| ▲ | tomkarho 4 hours ago | parent | prev | next [-] |
| How very Wernher von Braun of them. |
|
| ▲ | dboreham 2 hours ago | parent | prev | next [-] |
| There should have been a test case for this. There wasn't because most shops don't actually test their product. They do some test theater such as unit testing. |
|
| ▲ | cynicalsecurity 2 hours ago | parent | prev | next [-] |
| This-is-fine.jpg |
|
| ▲ | saltyoldman 3 hours ago | parent | prev | next [-] |
| Isn't that exactly what they said when Cambridge Analytica data gathering happened? |
|
| ▲ | TZubiri 4 hours ago | parent | prev [-] |
| Of course. What I gather is that this internal tool was used by human support agents, and it was their responsibility to verify the email addresses and general validity of a claim. But when implementing AGI TM that was overseen, maybe the oversight in the separate code path was a 'bug', but the mistake was making the chatbot obviously, if the separate code path had a bug, then it had become ossified into a feature, and it was internal, not exposed to the public. This is an external communication, to save face sure, but if this is the internal excuse, it would be absolutely the wrong RCA and it reads as if the one who made the mistake is not admitting they made their mistake. Which to be honest, just making the mistake is enough to get fired, but not admitting it is enough to get ultra fired. |