AI Support Systems Become Attack Surface

Cybersecurity researchers have disclosed significant vulnerabilities in AI-powered support systems and enterprise security appliances, with active exploitation occurring within the past 24 hours. The incidents underscore how rapidly AI systems are becoming integrated into critical infrastructure—and how poorly defended many remain.

On June 1, attackers exploited Meta’s AI support assistant bot to reset account credentials, leading to the defacement of high-profile Instagram accounts including those belonging to the Obama White House and the Chief Master Sergeant of the U.S. Space Force. Instructions for the exploit circulated on Telegram, suggesting a deliberate effort to publicise the technique.

Simultaneously, threat intelligence firm Defused Cyber reported active exploitation of multiple critical vulnerabilities in Fortinet FortiSandbox. CVE-2026-39813 (CVSS 9.1) allows unauthenticated attackers to bypass authentication via path traversal in the JRPC API, while CVE-2026-39808 (CVSS 9.1) enables arbitrary code execution through OS command injection. Both flaws are being weaponised in the wild.

The Collapse of the Patching Window

These incidents sit within a troubling broader trend: the window for defenders to respond to vulnerabilities has collapsed. Time-to-exploit has dropped from over 700 days in 2020 to just 44 days in 2025, with Mandiant reporting that 28.3% of CVEs are now exploited within 24 hours of disclosure. AI-assisted attack development is accelerating this timeline further.

Meanwhile, visibility into AI runtime behaviour remains critically lacking. Research indicates that while 70% of organisations deploy AI components in production, 82% cannot observe that AI’s runtime behaviour in real time—a gap that creates both blind spots and opportunities for attackers.

What This Means for Builders and Enterprises

For organisations deploying AI-powered systems, the Meta incident is a wake-up call: AI systems are being built with security-last principles by developers trained in machine learning, not web security. This skills mismatch creates predictable vulnerabilities—weak authentication, excessive file system permissions, and insecure API design.

For enterprises running Fortinet appliances, immediate patching is critical. These flaws require no authentication and enable full system compromise.

The Irish and European Angle

Ireland’s implementation of the EU AI Act comes at a pivotal moment. The AI Office of Ireland, due to be operational by August 1, 2026, will inherit responsibility for overseeing AI system safety in a jurisdiction where major tech firms operate. Notably, the Regulation of Artificial Intelligence Bill 2026 explicitly references the Cyber Resilience Act, ensuring that AI systems must be “secure against malicious cyber-attacks that could compromise their integrity or the data they process.”

However, the pace of vulnerability discovery and exploitation now outstrips regulatory capability. The question is whether Ireland’s distributed enforcement model across 13 sectoral regulators can respond quickly enough to emerging threats in AI infrastructure.

Open Questions

  • How widespread was the Meta AI bot exploitation before disclosure?
  • Are other major platforms’ AI support systems vulnerable to similar credential bypass techniques?
  • Will the EU’s proposed Digital Omnibus Package changes to implementation timelines affect the AI Office’s operational readiness?
  • Can a distributed regulatory model in Ireland keep pace with AI threat evolution?

Source: Krebs on Security