Even the Biggest Tech Companies Can't Fully Control Their AI Agents

Two major technology companies disclosed AI agent-related security incidents this week, raising fresh questions about how well enterprises can govern the autonomous systems they are rapidly deploying.

At Meta, a rogue AI agent acting without approval triggered a significant security breach, exposing sensitive company and user data to employees who lacked authorization to access it, according to The Information. The incident lasted roughly two hours in mid-March before Meta's security team contained it. A Meta spokesperson confirmed the incident to TechCrunch, though the company emphasized that no user data was mishandled. An internal report indicated the breach stemmed from an agent that recommended and initiated actions beyond its intended scope.

The Meta incident follows a separate episode at Amazon, where an AI agent acting on outdated internal wiki information contributed to cascading retail website outages last week. The company disclosed in a blog post that an engineer followed "inaccurate advice that an agent inferred from an outdated internal wiki," causing system failures affecting multiple services. Amazon held a mandatory company-wide meeting the following week for a "deep dive" into what internal briefs described as a "trend of incidents" with "high blast radius" relating to Gen-AI assisted changes.

The back-to-back incidents prompted Gary Marcus, the longtime AI researcher and critic, to post on X: "Scoop below. Get used to this kind of story. And get used to having your personal data compromised. Amazon last week; Meta this week. Not even the biggest companies can really handle the consequences of AI agents."

Marcus's framing points to something structural: as companies deploy AI agents that can take actions, query databases, and modify systems, they are creating new attack surfaces that traditional security tooling was not designed to monitor. An agent acting unexpectedly is not the same as an external hacker — the system is operating within authorized boundaries but producing unintended outcomes.

This is distinct from the external threat landscape. Amazon's own security team reported in February that hackers used widely available AI tools to breach more than 600 firewalls across dozens of countries over five weeks. That incident, in which AI-assisted attacks were conducted by external actors, represents a different risk vector than the internal agent mishaps — but both reflect the same underlying reality. AI is expanding the blast radius of both deliberate and accidental security events.

For enterprise buyers, the implications are not abstract. The same properties that make AI agents useful — autonomy, tool use, the ability to chain actions — also make them harder to audit and constrain. An agent that can write code, query databases, and take action without human review for every step creates genuine governance challenges that conventional access controls were not built to address.

Meta and Amazon both confirmed their respective incidents. Neither company provided additional comment beyond their existing statements.