Meta Says It Has Fixed AI Privacy Bug That Exposed Users’ Private Prompts and Responses

By
Quadri Adejumo
Senior Journalist and Analyst

Meta says it has fixed a privacy vulnerability in its AI chatbot system that inadvertently exposed users’ private prompts and AI-generated responses to other logged-in users.

The issue, discovered in late 2024, was disclosed to the company by cybersecurity researcher Sandeep Hodkasia, founder of the security testing firm AppSecure.

According to TechCrunch, Hodkasia noted that Meta paid him $10,000 in a bug bounty reward for privately disclosing the bug.

What This Means

According to Hodkasia, the vulnerability stemmed from a flaw in Meta AI’s prompt editing feature, which allows users to modify existing prompts to regenerate content.

When Hodkasia inspected the browser’s network traffic during prompt editing, he discovered that Meta’s servers assigned each prompt and AI-generated response a unique identifier, a number that could be manually manipulated.

By changing this identifier, he was able to retrieve another user’s prompt and AI response, demonstrating that Meta’s back-end system failed to validate whether the user requesting the data had permission to view it.

“The bug meant that Meta’s servers were not properly checking to ensure that the user requesting the prompt and its response was authorized to see it,” Hodkasia said.

Meta Responds

In response to the disclosure, Meta confirmed the vulnerability had been resolved and praised Hodkasia for responsibly reporting the issue.

The company has not issued a public advisory or user notification regarding the bug. Cybersecurity experts argue that greater transparency is essential, especially for companies operating in AI spaces where data integrity and privacy expectations are high.

Why It Matters

Though Meta claims no evidence of abuse, experts say the bug highlights serious lapses in access control protocols, particularly troubling for an AI platform built to handle sensitive personal queries.

A recent IBM report found that 74% of consumers are concerned about how AI companies collect and use their data. In Meta’s case, the exposure of private prompts, according to industry sources, shows a looming problem.

Security researchers further warn that AI platforms generate and store content that is often deeply personal or sensitive, making even minor breaches a potential goldmine for cybercriminals.

Talking Points

Meta’s AI privacy flaw highlights a growing risk in the generative AI space: the rush to innovate is outpacing the development of robust privacy safeguards.

The vulnerability, where one user could access another’s AI prompt and response, points to a fundamental lapse in access control logic, an issue that should have been addressed at the earliest stage of system design.

At Techparley, we see this as a wake-up call for AI developers and platform owners. While Meta acted swiftly and responsibly by fixing the bug, the lack of user notification raises questions about transparency and accountability in high-risk AI deployments.

The fact that Meta’s servers generated predictable, guessable prompt identifiers reveals a technical design flaw with serious implications. Had this been exploited at scale, sensitive business data, private health queries, or even legal concerns could have been exposed.
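The missing authorization check and the guessable identifiers described above can be shown side by side in a short added example, which is not Meta's code and not part of the original article. The `PromptStore` class, its method names and the sample data are hypothetical and constructed for illustration; random identifiers only make enumeration harder, and the ownership check is what closes the flaw.

```python
import secrets
from collections import Counter

class PromptStore:
    """In-memory stand-in for a prompt/response store (hypothetical design)."""

    def __init__(self, random_ids=True):
        self.random_ids = random_ids
        self.rows = {}            # id -> {"owner", "prompt", "response"}
        self.next_id = 1000       # used only when random_ids is False
        self.denied = Counter()   # session user -> number of refused reads

    def create(self, owner, prompt, response):
        if self.random_ids:
            pid = secrets.token_urlsafe(16)   # 128 random bits, not enumerable
        else:
            pid = str(self.next_id)           # sequential: neighbours are guessable
            self.next_id += 1
        self.rows[pid] = {"owner": owner, "prompt": prompt, "response": response}
        return pid

    def get_unchecked(self, session_user, pid):
        # Flaw as reported: the record's owner is never compared with the session user.
        return self.rows[pid]

    def get_checked(self, session_user, pid):
        row = self.rows.get(pid)
        # One error for "no such id" and "not yours", so a refusal does not
        # confirm which identifiers exist.
        if row is None or row["owner"] != session_user:
            self.denied[session_user] += 1
            raise PermissionError("not found")
        return row

    def enumeration_suspects(self, threshold=5):
        """Session users with at least `threshold` refused reads."""
        return sorted(u for u, n in self.denied.items() if n >= threshold)

def demo():
    """Constructed data: two users on a store with sequential ids."""
    store = PromptStore(random_ids=False)
    store.create("alice", "constructed prompt A", "constructed response A")
    bob_id = store.create("bob", "constructed prompt B", "constructed response B")
    leaked = store.get_unchecked("alice", bob_id)["prompt"]
    try:
        store.get_checked("alice", bob_id)
    except PermissionError:
        return leaked, True
    return leaked, False
```

The counter of refused reads gives defenders a signal for identifier enumeration once the check is in place.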

This is not just a Meta problem. As AI platforms become more integrated into messaging apps, productivity suites, and consumer tools, the volume of sensitive content generated and stored is exploding.
