[ma2kx]

Meta allowed an LLM to change users email address for a password reset.

Funny times are ahead...

[nneonneo]

No, you don't understand! Meta told us the LLM itself "worked properly and functioned as intended" and it was only due to a bug in a "separate code path" that made this attack possible. Don't go around blaming innocent LLMs!

(/s)