Meta patches worrying security bug which could have exposed user AI prompts and responses - and pays the bug hunter $10,000
Expert flags there was a way to read other people's prompts
· TechRadarNews By Sead Fadilpašić published 16 July 2025
(Image credit: Photo by Dilara Irem Sancar /Anadolu via Getty Images)
- Meta AI was assigning unique identifiers to prompts and responses
- The servers were not checking who had access rights to these identifiers
- The vulnerability was fixed in late January 2025
A bug which could have exposed user’s prompts and AI responses on Meta’s artificial intelligence platform has been patched.
The bug stemmed from the way Meta AI assigned identifiers to both prompts, and responses.
As it turns out, when a logged-in user tries to edit their previous prompt to get a different response, Meta assigns both of them a unique identifier. By changing that number, Meta’s servers would return someone else’s queries and results.
Criminals now use AI to invade your online privacy and scam you, making it hard to stay safer online. That’s why Norton VPN has combined advanced online privacy protection with AI-powered scam detection starting at $49.99 the first year (or $4.17/month).
No abuse so far
The bug was discovered by a security researcher and AppSecure founder, Sandeep Hodkasia, in late December 2024. He reported it to Meta, who deployed a fix on January 24, 2025, and paid out a $10,000 bounty for his troubles.
Hodkasia said that the prompt numbers that Meta’s servers were generating were easy to guess, but apparently - no threat actors thought of this before it was addressed.
This basically means that Meta’s servers weren’t double-checking if the user had proper authorization to view the contents.
This is clearly problematic in a number of ways, the most obvious one being that many people share sensitive information with chatbots these days.
Are you a pro? Subscribe to our newsletter
Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!
Contact me with news and offers from other Future brandsReceive email from us on behalf of our trusted partners or sponsors