Meta fixes bug that could leak users’ AI prompts and generated content

Meta has successfully resolved a significant security vulnerability that permitted users of its AI chatbot to inadvertently access the private prompts and generated responses of others. Sandeep Hodkasia, the founder of Appsecure, a security testing organization, revealed to TechCrunch that Meta awarded him $10,000 through its bug bounty program for his private report concerning the issue, which he submitted on December 26, 2024. The company implemented a fix on January 24, 2025, and according to Hodkasia, there was no evidence indicating that the bug had been maliciously exploited. He discovered the flaw while investigating the editing functionality of Meta AI, which allows users to modify their prompts for re-generating text and images. During his analysis, Hodkasia found that when users made edits, Meta's back-end systems assigned a unique identifier to the prompt and its corresponding AI-generated output. By monitoring the network traffic while editing a prompt, he realized he could alter this unique identifier, causing Meta's servers to return responses from other users. This flaw indicated that the system was not appropriately verifying user authorization before granting access to prompts and responses. Hodkasia noted that the identifiers generated by Meta's servers were “easily guessable,” raising concerns that a malicious individual could exploit this oversight to scrape original prompts using automated methods. In a statement to TechCrunch, Meta confirmed the bug's resolution in January and emphasized that the company found no signs of abuse. Ryan Daniels, a spokesperson for Meta, acknowledged the researcher’s efforts and the reward provided. This incident highlights the ongoing challenges faced by tech companies as they strive to enhance their AI offerings amid growing security and privacy concerns. Meta AI's standalone application, launched to compete with platforms like ChatGPT, faced initial hurdles, with some users mistakenly sharing what they believed to be private exchanges with the chatbot.