The Meta hack shows there’s more to AI security than Mythos

On June 5, 404 Media reported that attackers had been using Meta’s AI customer support agent to steal Instagram accounts. Their approach was simple: They asked the agent to link the accounts to email addresses that they controlled, and the agent complied. One attacker broke into the dormant Obama White House account and made pro-Iran posts; others took over accounts with valuable, single-word handles, possibly in order to sell them.

AI cybersecurity concerns are nothing new. Since Anthropic announced in April that its Mythos model was too good at hacking to be released to the general public, commentators, researchers, and federal officials alike have fixated on the idea that superpowered AI systems could lay waste to our computer infrastructure. That’s not quite what this Instagram hack was: There, AI was the target rather than the attacker, and the method was far simpler than anything Mythos would cook up. But as companies offload more work to AI, these comparatively unsophisticated attacks could wreak their own havoc.

“As AI becomes more and more widely used—especially when AI is more and more widely used to automate our work flows, like account recovery—I think attackers are going to be more and more motivated to attack AI itself,” says Neil Gong, a professor of electrical and computer engineering at Duke University.

Gong and other scholars have been issuing warnings about the security vulnerabilities of AI agents for a while. They publish papers and blog posts detailing exploits such as indirect prompt injection, which involves hijacking agents using commands hidden in websites, emails, or other seemingly anodyne data sources. Compared with these techniques, the Meta hack was practically mindless. The only complication that hackers had to overcome was using a VPN that matched the true account owner’s location; then they directly asked the support agent to change the account’s email address, and it complied.

Meta has not commented publicly on how this vulnerability slipped through the cracks. But given the simplicity of the exploit, Gong says, it should have been uncovered easily, before the agent was deployed. “It’s really surprising,” he says. “I don’t understand why they didn’t find this simple problem.”

Jessica Ji, a senior research analyst at Georgetown’s Center for Security and Emerging Technology, agrees. “It raises questions like: Were there even guardrails in place?” she says. “Did anyone think to test for this kind of scenario?” She notes that the oversight is particularly striking coming from a company like Meta, which has extensive expertise in both AI and cybersecurity. Meta did not respond to a request for comment for this article, but on Monday a Meta spokesperson said on X that the vulnerability had been resolved.

As embarrassing a moment as this might be for Meta in particular, it also highlights some core vulnerabilities shared by all AI agents. Unlike traditional software, agents can respond in flexible—and unexpected—ways to new circumstances, which is why they might be able to substitute for human customer support agents. But AI agents can also be tricked in ways that humans wouldn’t be, and because they can take real-world actions, those mistakes have consequences. “A human would say, ‘Okay, why do you want to change the email address?’ and maybe respond with a security question,” says Somesh Jha, a professor of computer science at the University of Wisconsin–Madison. “What is going on with these agents is they’re very eager to finish the task. It’s almost like some elementary school student who just wants to please the teacher.”

There are ways to mitigate the risks. Companies can use traditional software to build guardrails that make sure agents follow strict rules, such as always asking for answers to security questions before sending sensitive account information to a new email address. And the experts consulted for this article all agree that agents should undergo rigorous red-teaming, a process in which developers try their best to attack a system in order to discover its vulnerabilities before it is deployed.

But there are also countervailing forces. Companies want to deploy capable agents, and the more power an agent has—and the fewer guardrails it is subject to—the more work it can potentially take on. “Security and utility always have a trade-off,” says Bo Li, a professor of computer science at the  University of Illinois Urbana-Champaign. And adequate red-teaming can be expensive. Defenders have to expend more resources than attackers do, because attackers only need to discover a single exploit, while defenders try to discover and patch as many as they can. When attackers are working toward something as valuable as a single-word Instagram handle, they’ll pour resources into finding exploits, so defenders have to spend even more money to protect that prize. 

As AI models continue to improve, hardening their defenses might actually get easier. Though the probabilistic nature of large language models means that LLM agents will always be vulnerable to some forms of attack, a more sophisticated model might have identified an attempt to change the email associated with the Obama White House account as suspicious. And AI systems can be used for agent red-teaming, much as participants in Anthropic’s Project Glasswing use Mythos to identify vulnerabilities in their software. 

Still, experts expect that the problem of securing AI agents will only become more pressing in the future. As agents grow more capable, companies that adopt them may want to give them more power, both to provide more services with fewer humans and to avoid being left behind by their competitors. In the fast-moving world of AI, the time needed to carefully secure risky agentic systems might seem like an unconscionable delay.

“Everybody wants to be the first to do something and just push things out without careful scrutiny and red-teaming,” Jha says. “I think it’s a very dangerous thing.”

Are AI chatbots making us lose control of our brains?

This week I’ve been at SXSW London. There’s been music, film, and a lot—and I mean a lot—of talk about AI. I also had the opportunity to sit down with Gloria Mark, a psychologist at the University of California, Irvine, who has spent the last 30 years studying how people interact with digital technologies.

Early in her career, the biggest concerns were the potential impacts of internet and email use on our brains. We may laugh those concerns off today, but it’s true that as the technologies became more ubiquitous and ingrained in our daily lives, our attention spans began to shrink.

Mark is worried that things are only getting worse. The title of our session was “Have we lost control of our brains?” Unfortunately, Mark told me, the answer is yes.

Around two decades ago, Mark started wondering about how our use of devices might affect our attention spans. She set up what she calls “living laboratories,” using sensors and trackers to monitor adult volunteers’ attention, mood, and behavior when they were using devices.

In 2003, she found that the average user had an attention span of around two and a half minutes. That’s how long people could spend focused on one thing before moving on to something else. “That surprised me at the time,” she told me during our session on Wednesday. “I thought: Wow, this is really short.

But when she repeated the experiment in 2012, she found that attention spans had shrunk—all the way down to around 75 seconds on average, she said. In research she conducted between 2014 and 2020, attention spans shrank further still—to a mere 47 seconds, on average. Yikes.

And it’s not good for us. Mark told me that she’s found switching our attention so frequently is stressful. “We would have people wear heart rate monitors, and … we would see direct correlation between switching attention fast and stress going up,” she told me.

All this distraction makes it harder for us to get stuff done, too. “It just takes longer to do any single task if you’re switching your attention,” she told me. “It’s not great for performance. It’s not great for our emotional well-being.”

And that’s for adults. What about the effects of digital technologies on children? A few months ago, Meta (which owns Facebook and Instagram) and Google’s YouTube were ordered to pay millions of dollars in damages to a 20-year-old woman who had accused the companies of creating products that led her to develop a childhood addiction.

Just a couple of weeks ago, Meta settled another lawsuit, this one brought by a rural school district in Kentucky. The district had also accused the company of designing addictive products that were harmful to students and had sought more than $60 million to cover the costs of their mental-health needs. Around 1,200 other school districts are taking similar legal action against social media companies.

But social media isn’t all bad, all the time. It can provide opportunities for some people, including those from marginalized groups, to form connections that might otherwise be difficult. A 2024 survey of LGBTQ+ teenagers found that while some described social media as a place of rejection and fear, others described it as a place where they felt a sense of belonging, where they could develop friendships and cultivate their identity.

In truth, we can’t definitively say what effects using social media is having on children across the board, says Mark. “There have been lots and lots of studies, and the evidence is to date inconclusive,” she told me. (Despite what you might read in best-selling books on the subject.)

Mark is hopeful that large, long-term studies might finally start shedding a bit more light on this question. An effort of this nature is underway in Australia, which enacted a social media ban for under-16s at the end of last year.

Given this uncertainty over a 20-year-old technology, I wondered if Mark had any thoughts on the potential impacts of AI—an obviously much newer offering that within the space of a couple of years appears to have become deeply integrated into our digital lives.

She told me she’s worried.

When we put in effort to do something—such as evaluating or summarizing content—we’re doing what’s known as “depth of processing,” she told me. “When you’re actively engaged with information, you’re processing it on a very deep level,” she said. “Then you’re more likely to learn it, to understand it, [and] to retain it.”

That’s not happening when most people use AI bots like ChatGPT, Claude, and Gemini. When we ask these tools to write, summarize, or evaluate for us, we’re no longer doing that depth of processing. “You’re deferring your cognitive work to AI,” she said. “And it’s not good for us.”

The risk is that our cognitive abilities will weaken over time. “If you’re not constantly exercising your muscles, they can atrophy,” Mark said. “And that’s exactly what can happen with our minds.” People with weaker critical thinking skills are more likely to fall prey to misinformation, she added.

Interactions with AI-powered “synthetic companions” can be just as harmful. Relationships between human beings take work—time, effort, and understanding. None of that is needed if you’re forming a relationship with a sycophantic bot. The “muscle” we risk atrophying here is emotional intelligence, which surveys suggest is already on the decline, said Mark.

She’s not painting a particularly rosy picture.

“If we continue on this trajectory, attention spans are diminished, loneliness is rising, boredom is rising, emotional intelligence decreasing, and actually our sense of purpose, according to studies, is also decreasing,” she said.

Luckily, she thinks we can course-correct by changing our relationship with these technologies. The key factor is effort.

The more effort we put into something, the deeper the satisfaction we stand to gain, Mark told me. That means making an effort to read a book rather than skimming its summary, and to meet with friends in person when you can. Try not to use GPS in places where you can probably manage without it.

“I love technology; we can’t give it up,” she told me. “[But] we have to learn how to create new life routines.”

This article first appeared in The Checkup, MIT Technology Review’s weekly biotech newsletter. To receive it in your inbox every Thursday, and read articles like this first, sign up here.

Tiny HHS office tasked with protecting research participants’ safety is running on fumes

In 2021, the federal office charged with ensuring that the vast research enterprise bankrolled by the Department of Health and Human Services keeps study participants safe, received a report of a death by suicide involving a person enrolled in a study testing a treatment for depression and reduced mobility. 

Once the Office of Human Research Protections started looking into the death at the New York State Psychiatric Institute, it found problems that spread far beyond that one study, including failures in how the institute’s ethics board reviews proposed research. “We saw, holy smokes, this whole institution has issues,” said Lisa Buchanan, then director of the OHRP’s compliance division. The investigation became all-consuming. “It was probably 60-70% of our time,” she said.

Read the rest…

D&D‑seq Uses Base Editing to Map DNA–Protein Interactions in Single Cells

A new molecular recording strategy is giving researchers a way to capture DNA–protein interactions in single cells, including the weak and transient contacts that shape gene regulation but often slip past existing assays. The method, called D&D‑seq (docking and deamination followed by sequencing), layers a base‑editing enzyme onto an antibody‑binding nanobody, turning fleeting interactions into durable sequence marks.

The paper is titled “Single-cell mapping of regulatory DNA-protein interactions,” and was published recently in Cell.

“D&D-seq couples an antibody-binding nanobody to a cytosine base editor, a combination that enables detection of weak or transient factor binding through targeted cytosine-to-uracil [CU] editing at protein-bound genomic sites,” the authors wrote. Those edits become a molecular breadcrumb trail, revealing where regulatory proteins have interacted with the genome.

This approach directly addresses a long‑standing gap in the field. Traditional methods for mapping transcription factor binding, such as ChIP‑seq or CUT&RUN, “cannot be easily incorporated into high-throughput single-cell workflows, limiting applications to bulk analysis or to single-cell profiling of only the strongest interacting chromatin factors. Single-cell profiling of TF binding in primary samples has been mainly restricted to inferential approaches based on expression levels of downstream TF target genes or through motif analysis of assay for transposase-accessible chromatin using sequencing (ATAC-seq) peaks, but identification of specific TF-binding sites requires more direct methods,” according to the authors.

The team demonstrated that D&D‑seq can map binding sites for transcription factors and other regulatory proteins, like chromatin remodeling proteins, across multiple cell types and conditions. One application involved profiling CTCF binding in primary T cells carrying an IDH2 mutation commonly found in leukemia. Because D&D‑seq operates at single‑cell resolution, it exposes heterogeneity in regulatory wiring that is often masked in population‑level assays.

Crucially, the method is platform‑agnostic. The authors showed that D&D‑seq can be integrated into standard single‑cell multiomics workflows, including ATAC‑seq, scATAC‑seq, and whole‑genome sequencing. That compatibility allows researchers to pair DNA–protein interaction maps with chromatin accessibility, gene expression, and genomic variation—all within the same cell.

As transcription factors and other regulatory proteins increasingly emerge as therapeutic targets, tools that reveal how these factors behave in patient‑derived cells will be essential. D&D‑seq offers a way to monitor how mutations, drugs, or engineered perturbations reshape regulatory landscapes at single‑cell resolution.

“We’re entering an era of medicine in which transcription factors and other gene-activity regulators will increasingly be therapeutic targets,” said Dan Landau, MD, PhD, the Bibliowicz Family professor of medicine and a member of the Sandra and Edward Meyer Cancer Center and the Englander Institute for Precision Medicine at Weill Cornell, who is also an oncologist at NewYork-Presbyterian/Weill Cornell Medical Center. “This kind of technology should have an important role in developing and evaluating such therapies.”

Although the method is still evolving, its conceptual elegance and technical flexibility have already sparked broad interest. By turning DNA into a recording surface for protein activity, D&D‑seq opens a new window into the “regulome”—one that captures the subtle, transient interactions that drive cellular identity and disease.

The post D&D‑seq Uses Base Editing to Map DNA–Protein Interactions in Single Cells appeared first on GEN – Genetic Engineering and Biotechnology News.

Novel Intracellular Pathway Identified That Protects Against Viral and Bacterial Infection

A common concept of the immune system is that of white blood cells putting up a fight against invading pathogens in the bloodstream. Researchers have now detailed a separate but equally important route by which our bodies fight infection—directly inside already infected cells. The team, co-led by Leo James, PhD, and Tyler Rhinesmith, PhD, at MRC Laboratory of Molecular Biology, defined a previously undescribed method of fighting pathogen invaders—and which they called  “antibody-directed xenophagy” (ADX)—where cells can digest bacteria and viruses, including Salmonella and adenoviruses, that cross the cell membrane. The scientists found that regulation of ADX is dependent on the intracellular protein, TRIM21, which James’s lab had previously shown protects from viral infection by binding to antibody-coated viruses in the cell cytosol, triggering virus degradation.

“People have talked about viral xenophagy before as a sort of concept, but if you look in literature, there aren’t any good examples where people have shown this operating to potently block infection,” said James. “In our single study, we’ve gone from the discovery of something completely unknown [ADX], all the way through molecular mechanism, its function in cells into animals, and demonstrated physiological importance.”

The discovery of the ADX pathway may have potential future medical implications. While far more study is needed, the research points to the feasibility that antibody or small molecule therapeutics could be used to treat infections by marking pathogens in the blood so TRIM21 can recognize and jumpstart ADX once they enter cells.

James, Rhinesmith, and colleagues reported on their findings in Molecular Cell, in a paper titled “TRIM21 induces selective autophagy of viruses and bacteria,” stating, “We propose that TRIM21 evolved through competition with pathogens to induce autophagy of diverse and complex substrates, potentially explaining its versatility for targeted protein degradation.”

Typically, the body will respond to an infection by creating antibodies that latch onto the invaders in the blood to alert immune cells, such as white blood cells, to destroy them. Sometimes, those antibody-bound pathogens evade the immune cells and infect healthy cells. This is where antibody-directed xenophagy becomes involved.

Using CRISPR-Cas9 and quantitative imaging, the team determined that once an antibody-labeled pathogen enters a cell, ADX begins with the specialized protein TRIM21, which flags the pathogen with a ubiquitin marker that signals to the cell that it has been invaded.

TRIM21 is an intracellular E3 ubiquitin ligase protein that binds to antibodies and catalyzes ubiquitination. Prior work by James’s group had found that TRIM protects against viral infection by binding to antibody-coated viruses in the cell, triggering ubiquitination and viral degradation.

“Recently, we and others have shown that the degradative adaptability of TRIM21 extends to a wide range of additional substrates beyond viral capsid proteins,” the team further pointed out. “TRIM21 is an exceptionally versatile ubiquitin ligase that can be directed by antibodies to target oligomeric protein scaffolds, viral capsids, and proteopathic aggregates for intracellular degradation.”

However, the mechanism used by cells to degrade the tagged viruses wasn’t known. “… how such a large and complex substrate is quickly and efficiently degraded remains unclear.”

Rhinesmith, a post-doc in James’s group, conducted a genome-wide CRISPR-Cas9 knockout screen, individually removing every gene across the human genome and testing how its deletion impacted TRIM21-triggered degradation of viruses. The results were striking, revealing a previously undescribed process by which TRIM21 is able to trigger autophagy of cell-invading viruses.

Autophagy is a conserved cellular process through which damaged or toxic cellular components are delivered to specialist acidic organelles to be degraded and recycled. While this process plays a key role in maintaining cellular health, its ability to protect against invading viral pathogens hasn’t been well studied.

Staff scientist Anna Albecka developed a high-fidelity confocal microscopy platform that allowed the team to visualize previously unidentified events in the TRIM21 restriction mechanism. The team observed binding of TRIM21 to antibody-coated viruses inside cells, in real time. The microscopy results showed that after TRIM21 ubiquitinates the invading virus complex, ubiquitin stimulates the assembly of autophagy components around viruses, including LC3, a marker for membranous compartments called autophagosomes.

Working with Claudia Puri and David C. Rubinsztein at the U.K. Dementia Research Institute, Cambridge, the team used super-resolution microscopy to visualize the assembly of these autophagosome membranes around individual viral particles coated in antibodies and TRIM21. Together, these observations revealed the stepwise process by which incoming virions are incarcerated inside sealed, LC3-positive autophagosomes.

Albecka was further able to show that these virus-containing autophagosomes are ultimately delivered to acidic lysosomes, resulting in the degradation of each virus into harmless peptides and nucleotides. Significantly, the study suggests that antiviral autophagy is a highly effective strategy deployed by cells to protect themselves from infection, and provides new tools for investigating this process.

Inspired by the ability of TRIM21 to activate by clustering around clients of very different architectures, the team next sought to understand whether it could also intercept a completely different type of pathogen: bacteria. The team used antibodies and a novel live cell microscopy method to track bacterial growth inside mouse cells. They observed the same ADX pathway that intercepts viral infection also potently restricts the growth of intracellular Salmonella. This discovery is significant because it explains how TRIM21 is able to intercept and trigger the degradation of invading pathogens of many complex structures and diverse lineages. “Importantly, our data explain how TRIM21 can degrade large and highly complex substrates,” the authors stated. “The need to intercept and destroy phylogenetically and structurally diverse pathogens may have driven the evolution of TRIM21’s very broad substrate versatility.”

By leveraging the intrinsic flexibility of the autophagy pathway, ADX can adapt to and degrade a variety of large and difficult targets. The findings indicate that the cell does not require a bespoke defense strategy for every individual pathogen. Instead, it employs a universal strategy, reliant on TRIM21, to redirect the cell’s existing autophagy machinery to any harmful material tagged with antibodies. This adaptability makes ADX clinically important for human immunity and, excitingly, a potential target for therapeutic enhancement.

“TRIM21 is unique because it uses the antibodies attached to the invading virus or bacteria to alert the cell,” said James. Rhinesmith added, “We show in the paper that on top of non-enveloped viruses, it’s also able to target bacteria along the same pathway. It seems that you trigger ubiquitination of whatever pathogen has antibodies around it through TRIM21, and this is the key step that leads to autophagy of the bacteria or the virus.”

This ability for cells to fight back from the inside doesn’t appear limited to specific cells within our body. The research team tested for the presence and action of TRIM21 against adenovirus in a range of human cell lines, as well as living mouse models in the case of Salmonella. These experiments indicated that ADX-mediated immunity is likely ubiquitous throughout the human body. “TRIM21 is expressed from what we call an ‘interferon-stimulated gene,’ which means that it is upregulated during infection, so your body makes it all the time, everywhere,” said James. “And the reason why you make it everywhere is so that you can potentially protect any cell or tissue.”

Though ADX may sound like a backup for our immune system for when pathogens evade our first lines of defense, the authors noted that this could be an equally important primary mode of protective immunity. “Our data shows that without TRIM21, a significant component of protective immunity in vivo against viruses is lost. In practice, immunity works because we’ve got different mechanisms operating together,” James said.

TRIM21 is the first intracellular protein discovered to stimulate ADX immunity, but there may be others that have equally broad or specific pathogen targets. Part of the research team’s next steps is determining the existence of other ADX-stimulating proteins and what limitations there may be to TRIM21’s function.

The post Novel Intracellular Pathway Identified That Protects Against Viral and Bacterial Infection appeared first on GEN – Genetic Engineering and Biotechnology News.

Autonomic nervous system dysfunction in irritable bowel syndrome: pathophysiology and therapeutic implications

This review synthesizes current evidence on autonomic nervous system (ANS) dysfunction in irritable bowel syndrome (IBS). Patients with IBS often exhibit sympathovagal imbalance–reduced vagal tone with relative sympathetic hyperactivity–which correlates with symptom severity and shows subtype specificity. The ANS orchestrates bidirectional brain–gut communication via interactions with psychosocial factors, low-grade neuroinflammation, and the gut microbiota. Key mechanisms include vagal afferent signaling by microbial metabolites, sympathetic regulation of mucosal immunity, stress-induced disruption of autonomic homeostasis, and neuroplastic changes in intestinal and central pain pathways. Emerging evidence supports therapeutic targeting of autonomic circuits through vagus nerve stimulation, pharmacological modulation of serotonin and adrenergic receptors, and microbiome-based interventions. Current challenges include methodological limitations in assessing neural dynamics and insufficient integration of multi-system interactions. Future research should employ multi-omics approaches to elucidate pathway-specific mechanisms and develop precision medicine strategies for this heterogeneous disorder.

Gut bacteria regulate intestinal motor circuits by metabolizing sex hormones

Nature Neuroscience, Published online: 04 June 2026; doi:10.1038/s41593-026-02338-5

Androgens — hormones that are generally present at higher levels in males than females — regulate intestinal transit, but their cellular targets and mechanisms of action are unclear. We identify the neurons that mediate androgen-dependent gut motility and reveal that androgen reactivation by a bacterial enzyme in the gut lumen is necessary for this vital neuroendocrine axis.

HHS confirms Americans with high-risk Ebola exposures will have access to experimental therapy

Americans who have high-risk exposures to Ebola in the current outbreak in Central Africa will have access to an antibody treatment that has shown great promise in animal testing but hasn’t yet undergone a clinical trial to show whether it is efficacious in people, the Department of Health and Human Services confirmed Thursday.

The antibody treatment, known as MBP-134, is made by San Diego-based Mapp Biopharmaceuticals, with funding from the Biomedical Advanced Research and Development Authority, an agency within HHS that helps develop medical countermeasures for rare and emerging diseases, and biological threats.

Read the rest…