Meta disclosed an authorization bypass in its AI-assisted High Touch Support (HTS) account recovery system that allowed attackers to hijack 20,225 Instagram accounts by triggering unauthorized password resets without passing ownership verification. The flaw has been remediated by Meta, but the incident establishes that AI-augmented support automation can introduce account takeover paths that do not exist in traditional recovery flows, requiring security teams to treat AI-assisted identity systems as a distinct trust boundary requiring dedicated authorization review.