Meta resolves security bug exposing users' AI content
Meta just fixed a major privacy glitch in its AI that let people sneak a peek at others' private prompts and responses, just by changing the ID numbers in their requests.
Security researcher Sandeep Hodkasia found the issue, reported it on December 26, 2024, and Meta rolled out a fix on January 24, 2025.
How the bug worked
Turns out, Meta's prompt editing feature made it too easy to access stuff you weren't supposed to see. By inspecting network traffic and changing predictable IDs, Hodkasia could pull up other users' data.
Thankfully, Meta says no one else took advantage of this before the patch.
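An added example, not Meta's code: a minimal sketch of this class of bug, assuming the server looked prompts up by a client-supplied ID without checking who owned them. The store, function names and sample prompts are all hypothetical and constructed for illustration; the hardened lookup ties every request to the authenticated session and records denials so ID walking can be detected.

```python
import secrets

class Forbidden(Exception):
    """Same error for 'not yours' and 'does not exist', so IDs cannot be probed."""

class PromptStore:
    """Constructed in-memory stand-in for a server-side prompt table."""
    def __init__(self):
        self.rows = {}        # prompt_id -> {"owner", "prompt", "response"}
        self.denied = []      # (session_user, prompt_id) pairs kept for detection
        self._next_id = 1000

    def add(self, owner, prompt, response, random_id=False):
        if random_id:
            pid = secrets.token_urlsafe(16)  # 128 random bits, not enumerable
        else:
            pid = str(self._next_id)         # predictable: neighbours are guessable
            self._next_id += 1
        self.rows[pid] = {"owner": owner, "prompt": prompt, "response": response}
        return pid

def get_prompt_vulnerable(store, session_user, prompt_id):
    # Flaw: the client-supplied ID is the only key; session_user is never checked.
    return store.rows[prompt_id]

def get_prompt_hardened(store, session_user, prompt_id):
    row = store.rows.get(prompt_id)
    # Authorize on the server, against the authenticated session, on every request.
    if row is None or row["owner"] != session_user:
        store.denied.append((session_user, prompt_id))
        raise Forbidden("prompt not found")
    return row

def enumeration_suspects(store, threshold=3):
    """Flag sessions with repeated denials, a sign of someone walking IDs."""
    counts = {}
    for user, _ in store.denied:
        counts[user] = counts.get(user, 0) + 1
    return sorted(u for u, n in counts.items() if n >= threshold)
```

Random IDs only make guessing harder; the ownership check is what actually closes the hole, so both belong in the fix.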
For his sharp eye (and responsible reporting), Hodkasia got a $10,000 bounty—a reminder that even tech giants need to stay on top of security as they race to build smarter AI.