ESKA Security


Cybersecurity Services for SMB to Enterprise Level Companies

06/04/2026

Meta recently introduced an AI-powered support assistant designed to help users recover accounts, update contact information, and resolve common Instagram and Facebook support issues.

Researchers discovered that attackers could manipulate the AI assistant into making account changes without properly verifying the identity of the legitimate account owner.

In simple terms, the bot could be tricked into replacing the victim's recovery email with an attacker-controlled address, allowing the attacker to reset the password and take over the account.

The key point is that hackers did not compromise Instagram's infrastructure or exploit a traditional software vulnerability. Instead, they persuaded the AI agent to perform the actions for them.

This incident may become one of the first high-profile examples of what security professionals call an Agentic AI Security Failure.

The issue was not the AI model itself. The problem was that the AI agent was granted authority to perform high-risk operations, including:

• Changing account contact details
• Recovering user accounts
• Resetting passwords

In practice, the AI was given Tier 1/Tier 2 support privileges without sufficient security controls and verification mechanisms.

As organizations increasingly deploy AI agents within Service Desk, Help Desk, and Identity & Access Management (IAM) processes, this case serves as an important reminder: AI agents must be treated as privileged users and governed accordingly.

The lesson for cybersecurity is clear: the risk is no longer limited to vulnerabilities in code. It also extends to the business processes and permissions we delegate to autonomous AI systems.
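The governance point above (treat the AI agent as a privileged user, and do not let the model's own reasoning decide whether a high-risk action runs) is easier to see in code. The following is an added example, not code from ESKA Security or from Meta's assistant; the tool names, risk tiers, session fields and scenario values are all constructed for illustration. The authorization check lives outside the model: it looks only at the session state and the tool's risk tier, so an agent that has been persuaded to change a recovery email still cannot execute the call without the account owner completing step-up verification, and every attempt is written to an audit log for detection and review.

```python
"""Policy gate for an AI support agent's tool calls (added example, hypothetical design)."""
from dataclasses import dataclass
from enum import Enum


class Risk(Enum):
    LOW = "low"
    HIGH = "high"


# Hypothetical tool catalogue: every action the agent can invoke and its risk tier.
# Anything not listed here is denied by default (deny-by-default, least privilege).
TOOL_RISK = {
    "lookup_account_status": Risk.LOW,
    "update_recovery_email": Risk.HIGH,
    "reset_password": Risk.HIGH,
    "recover_account": Risk.HIGH,
}


@dataclass
class Session:
    user_id: str            # account the session is authenticated as
    authenticated: bool     # primary login completed
    step_up_verified: bool  # recent second-factor check (e.g. code sent to the existing contact)


@dataclass
class Decision:
    allowed: bool
    reason: str


# Constructed in-memory audit trail; a real deployment would ship this to the SIEM.
AUDIT_LOG: list = []


def authorize_tool_call(session: Session, tool: str, args: dict) -> Decision:
    """Decide, outside the model, whether a tool call may run.

    The model's reasoning and the chat transcript are never inputs here: only the
    session state and the tool's risk tier matter, so a persuaded agent cannot
    talk its way past the gate.
    """
    risk = TOOL_RISK.get(tool)
    if risk is None:
        decision = Decision(False, f"unknown tool {tool!r}")
    elif not session.authenticated:
        decision = Decision(False, "session not authenticated")
    elif risk is Risk.HIGH and not session.step_up_verified:
        decision = Decision(False, "step-up verification required for high-risk action")
    elif risk is Risk.HIGH and args.get("target_user") != session.user_id:
        decision = Decision(False, "high-risk action must target the authenticated account")
    else:
        decision = Decision(True, "policy satisfied")
    # Every attempt, allowed or denied, is recorded so repeated denials are visible to SOC.
    AUDIT_LOG.append({"user": session.user_id, "tool": tool, "args": dict(args),
                      "allowed": decision.allowed, "reason": decision.reason})
    return decision


def run_agent_turn(session: Session, requested_tool: str, args: dict) -> str:
    """Simulate the agent having decided, for whatever reason, to call a tool."""
    decision = authorize_tool_call(session, requested_tool, args)
    if not decision.allowed:
        return f"DENIED {requested_tool}: {decision.reason}"
    return f"EXECUTED {requested_tool} with {args}"


if __name__ == "__main__":
    # Constructed scenario: the model has been convinced to swap the recovery address,
    # but the session has only completed a primary login.
    chat_only = Session(user_id="victim-123", authenticated=True, step_up_verified=False)
    print(run_agent_turn(chat_only, "update_recovery_email",
                         {"target_user": "victim-123", "new_email": "attacker@example.invalid"}))
    # Low-risk lookups still work for the same session.
    print(run_agent_turn(chat_only, "lookup_account_status", {"target_user": "victim-123"}))
    # Once the owner completes step-up verification, the same change is permitted.
    verified = Session(user_id="victim-123", authenticated=True, step_up_verified=True)
    print(run_agent_turn(verified, "update_recovery_email",
                         {"target_user": "victim-123", "new_email": "owner@example.invalid"}))
    # Even a verified session cannot act on somebody else's account.
    print(run_agent_turn(verified, "reset_password", {"target_user": "someone-else"}))
    for entry in AUDIT_LOG:
        print(entry)
```

The design choice worth noting is that the agent never receives the authority to perform the high-risk action directly; it can only request it, and the gate is the same one a human Tier 1/Tier 2 operator would be subject to. Step-up verification for an account-recovery flow must be proven through a channel the attacker does not control (the existing recovery contact or an identity-proofing process), which is exactly the check the Meta assistant is reported to have skipped.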

06/02/2026

A recent Booking security incident serves as another reminder that even the world's largest platforms can become part of a cyberattack chain.

Booking recently confirmed an incident involving unauthorized access to booking-related data. Following the incident, researchers reported numerous cases of so-called "reservation hijacking" attacks.

Here's how the scheme worked:
1. A customer makes a legitimate hotel reservation through Booking.
2. Attackers gain access to booking information or compromise hotel accounts.
3. The guest then receives a message that appears completely legitimate: "To confirm your reservation, please update your payment details." or "Your booking requires payment verification."

The message contains real information:
• Guest name
• Hotel name
• Check-in dates
• Reservation details

From the customer's perspective, everything looks authentic.
And that's exactly why these attacks are so effective.

The problem is that attackers are using legitimate data to build trust.

This incident highlights an important trend in modern cybercrime:
Attackers are no longer relying solely on mass phishing campaigns. Instead, they leverage data breaches, compromised partners, and supply-chain weaknesses to make their attacks highly convincing.

For businesses, the lesson is clear:
Your cybersecurity posture depends not only on your own infrastructure but also on the security of your vendors, partners, and SaaS providers.

Ask yourself:
🔸Do you assess third-party security risks?
🔸Do you evaluate vendors before integrating their services?
🔸Are employees trained to recognize highly targeted social engineering attacks?
🔸Do you have a response plan if a critical supplier is compromised?

04/06/2026

ISO/IEC 42001 is the international standard for an Artificial Intelligence Management System (AIMS). It helps organizations build a structured approach to AI governance by defining rules, roles, controls, risk assessment, transparency, accountability, and continual improvement.

Why does ISO/IEC 42001 matter?
Certification helps companies that develop, implement, or use AI systems demonstrate to clients, partners, and auditors that their AI is managed within a clear and controlled framework, not in an ad hoc way.

The standard focuses on key areas such as governance and accountability, transparency, data protection, bias and fairness, security vulnerabilities, system monitoring, and continual improvement.

This is especially important for organizations working with sensitive data, automated decision-making, or preparing to meet customer and regulatory requirements.

How to prepare for ISO/IEC 42001 certification?
From a practical perspective, preparation usually starts with four steps:

🔸 Identify where AI exists in your organization
Understand which systems, models, services, or internal processes actually use AI.

🔸 Assess risks and impacts
Evaluate not only business risks, but also the impact on customers, users, data, security, fairness, and compliance.

🔸 Build an AI governance system
Establish policies, roles and responsibilities, change control procedures, monitoring, documentation, internal reviews, and corrective actions.

🔸 Conduct a gap assessment before the audit
Identify what is missing against the standard’s requirements and close those gaps before the certification audit.

Read more in our new article https://www.eskasecurity.com/post/iso-iec-42001-explained-why-it-matters-for-responsible-ai-governance

At ESKA Security, our GRC team has the practical experience and relevant certifications needed to help organizations prepare for an ISO/IEC 42001 compliance audit with confidence.


Address

2900 Highway 7, Concord, Ontario
Vaughan, ON
L4K0G3