Facebook and Instagram’s parent company, Meta, announced on Wednesday that it had fixed a security vulnerability that would have allowed other users to see users’ private AI prompts and created content.
Sandeep Hodkasia, an Indian security researcher and the founder of the cybersecurity company AppSecure, spotted the flaw and made it public. Hodkasia informed TechCrunch that he had discovered the vulnerability on December 26, 2024, and that Meta had subsequently given him $10,000 as part of their bug bounty program.
On January 24 of this year, Meta released a patch and reported that it has not discovered any evidence of malicious use of the vulnerability.
The company’s standalone chatbot program, Meta AI, handled user prompt edits incorrectly, according to Hodkasia.
