
1:00 PM PDT · July 15, 2025
Meta has fixed a security bug that allowed Meta AI chatbot users to access and view the private prompts and AI-generated responses of other users.
Sandeep Hodkasia, the founder of security testing firm Appsecure, exclusively told TechCrunch that Meta paid him $10,000 in a bug bounty reward for privately disclosing the bug he filed on December 26, 2024.
Meta deployed a fix on January 24, 2025, said Hodkasia, and found no evidence that the bug was maliciously exploited.
Hodkasia told TechCrunch that he identified the bug after examining how Meta AI allows its logged-in users to edit their AI prompts to re-generate text and images. He discovered that when a user edits their prompt, Meta’s back-end servers assign the prompt and its AI-generated response a unique number. By analyzing the network traffic in his browser while editing an AI prompt, Hodkasia found he could change that unique number and Meta’s servers would return a prompt and AI-generated response of someone else entirely.
The bug meant that Meta’s servers were not properly checking to ensure that the user requesting the prompt and its response was authorized to see it. Hodkasia said the prompt numbers generated by Meta’s servers were “easily guessable,” potentially allowing a malicious actor to scrape users’ original prompts by quickly changing prompt numbers using automated tools.
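The missing check described above, as an added example that is not code from TechCrunch, Meta or the researcher: a lookup that trusts the record number alone, beside one that enforces ownership and counts refusals so that enumeration shows up in monitoring. The store, its method names, the alert threshold and the sample records are all hypothetical.

```python
import secrets
from collections import Counter
from dataclasses import dataclass

@dataclass(frozen=True)
class PromptRecord:
    owner_id: str
    prompt: str
    response: str

class PromptStore:
    """In-memory stand-in for a back end; every name here is hypothetical."""
    def __init__(self, alert_after=3):
        self._records, self._next_id = {}, 1000
        self.denials = Counter()  # refused lookups per caller
        self.alert_after = alert_after

    def create(self, owner_id, prompt, response, random_id=False):
        # Sequential ids are the "easily guessable" case. A 128-bit random id is
        # defence in depth only; it does not replace the ownership check below.
        rid = secrets.token_urlsafe(16) if random_id else str(self._next_id)
        self._next_id += 1
        self._records[rid] = PromptRecord(owner_id, prompt, response)
        return rid

    def get_vulnerable(self, session_user, rid):
        # Flawed pattern: the caller is logged in, but the record's owner is
        # never compared with the caller, so any valid id returns its record.
        return self._records.get(rid)

    def get_hardened(self, session_user, rid):
        rec = self._records.get(rid)
        # Same result for "missing" and "not yours", so the reply does not
        # reveal which ids exist.
        if rec is None or rec.owner_id != session_user:
            self.denials[session_user] += 1
            return None
        return rec

    def enumeration_suspects(self):
        # Callers whose refused lookups reached the threshold: worth an alert.
        return sorted(u for u, n in self.denials.items() if n >= self.alert_after)

def demo():
    store = PromptStore()  # constructed sample data below, not real prompts
    a = store.create("alice", "draft my resignation letter", "Dear manager ...")
    b = store.create("bob", "plan a surprise party", "Step 1 ...")
    # bob asks for alice's id: returned by the flawed lookup, refused by the hardened one
    return store.get_vulnerable("bob", a), store.get_hardened("bob", a), store.get_hardened("bob", b)
```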
When reached by TechCrunch, Meta confirmed it fixed the bug in January and that the company “found no evidence of abuse and rewarded the researcher,” Meta spokesperson Ryan Daniels told TechCrunch.
News of the bug comes at a time when tech giants are scrambling to launch and refine their AI products, despite many security and privacy risks associated with their use.
Meta AI’s standalone app, which debuted earlier this year to compete with rival apps like ChatGPT, launched to a rocky start after some users inadvertently publicly shared what they thought were private conversations with the chatbot.
Zack Whittaker is the security editor at TechCrunch. He can be reached via encrypted message at zackwhittaker.1337 on Signal, or by email at zack.whittaker@techcrunch.com.