The argument here is that the AI is a glorified input page. The input field asks for your username and email and sends it to a backend function. Such an input page is working as intended.

The problem is when the backend function doesn't verify that the email matches the username.

▲

dgoldstein0 4 hours ago | parent | next [-]

Why on earth would the backend function even take an email?

Or perhaps said different: use the submitted info to identify the account; send any sensitive messages (recovery codes, password resets whatever) to only the contact info on file. If the chat bot can send such email it should do so via an API that sends only to contact info on file for the associated account and not to an email that's provided by the bot.

	▲	duskwuff 4 hours ago \| parent [-]
		> Why on earth would the backend function even take an email? In principle, it could be designed to do so to handle cases where a new email address has been confirmed out of band, e.g. for an account representing a company or a political office. But that's a relatively unusual situation, not something you'd want to be available to every user writing in. (Even if you had an all-human support department, this sort of functionality would only be available to a select few agents.)

▲

4 hours ago | parent | prev | next [-]

[deleted]

▲

jgalt212 5 hours ago | parent | prev | next [-]

Fair enough. Never trust client-submitted browser form, but always trust LLM-submitted form.

▲

lou1306 2 hours ago | parent | prev [-]

If the backend function was so poorly coded to allow such a gargantuan security hole, then it is an even worse problem. Basically Meta is throwing its own engineers under the bus so that its AI chatbot can save face. Scary stuff.

Unless the backend was _also_ vibe-coded, in which case it is still an AI problem.