They Didn’t Hack Meta. They Asked. What That Means for Your D365 and NetSuite Team
Last week a group of attackers took over a list of high-profile Instagram accounts. The Obama-era White House handle was on that list. So was the account of a U.S. Space Force chief master sergeant, along with a well-known security researcher and a major retail brand. The list is not the interesting part. The method is.
They did not write malware. They did not buy a zero-day. They did not breach a single server. They opened a chat with Meta’s AI support assistant, claimed to own the target account, and asked it to link a new email address. The bot complied, sent a verification code to the attacker’s inbox, and then offered up a password reset. At no point was a Meta employee or contractor in the conversation. In several cases the rightful owners were simply locked out.
I have read a lot of breach stories across 25 years in this ecosystem, and this one sticks with me precisely because of how ordinary it was. Earlier this year Meta pushed its AI support assistant out across Facebook and Instagram and gave it the authority to reset passwords and handle other sensitive account functions. The pitch, reportedly, was “solutions, not just suggestions.” The attackers took that promise completely literally.
So why am I, a recruiter who lives and breathes Microsoft Dynamics and NetSuite talent, writing about an Instagram story? Because it is the clearest preview I have seen of a risk that is about to land squarely inside the ERP world I work in every day.
The agent is not a feature. It is a privileged identity.
Right now, almost every client I talk to is moving fast to bolt AI agents and Copilot-style assistants onto their D365 and NetSuite environments. The enthusiasm is real and, frankly, it is earned; these tools can take genuine work off a team’s plate. But look closely at what we are actually wiring up. We are connecting agents that can post journal entries, change vendor banking details, approve purchase orders, adjust permissions, and reach into payroll. Those are not low-stakes conveniences. Those are the exact functions a fraudster would target first.
The Meta incident shows what happens when an agent with real power is deployed without the guardrails to match that power. The agent did its job. It helped. It solved instead of suggesting. And helping is precisely the behavior the attackers exploited. An AI agent inside your ERP is not a chat widget; it is a privileged identity with standing access to your ledger, and it needs to be governed like one.
Why I think this reshapes who you hire
For years I have argued that cross-stack fluency is the new premium in this market, that the people worth paying up for are the ones who can move comfortably between modules, integrations, and platforms instead of living in a single silo. I still believe that. The Meta story just sharpened my view of where that premium is heading next.
It is no longer enough to hire someone who knows the F&O module cold, or who can write NetSuite SuiteScript in their sleep. That technical depth still matters enormously, but on its own it is now table stakes. The genuinely rare, genuinely valuable, genuinely worth-paying-up-for professional is the one who knows the module deeply AND understands the agent layer sitting on top of it: how the agent authenticates, what it is permitted to do, where the human-in-the-loop checkpoints live, and how the whole thing is audited when something goes wrong.
That is a different candidate profile than the one most teams are still screening for. It blends functional ERP mastery with a security and governance mindset, and there are not many of those people in the market yet. The firms that learn to identify and attract them early will be the ones that scale AI inside their ERP safely. The firms that do not will learn the same lesson Meta just learned, except their attack surface will be the general ledger rather than a social feed.
A practical place to start
If you are building out your Dynamics or NetSuite team this year, I would put the agent-governance question directly into your interview process. Ask candidates how they would scope an AI agent’s permissions inside D365 or NetSuite. Ask what they would log, what they would require a human to approve, and how they would catch a social-engineering attempt against an automated workflow. The answers will tell you very quickly who has actually thought about this and who is still treating agents as a shiny add-on.
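One shape a strong answer to those questions can take, as an added example that is not from the original post or from any vendor's API: a default-deny gate that scopes what the agent may do, holds sensitive actions for out-of-band verification and human approval, and writes every decision to an audit trail. The action names, the `AgentRequest` fields, and the `Gate` class are hypothetical; the sensitive actions are the ones listed earlier in the article.

```python
from dataclasses import dataclass, field

# Hypothetical action names; a real rollout maps these to D365/NetSuite roles.
AUTO_ALLOWED = {"read_invoice_status", "read_po_status"}
NEEDS_HUMAN = {"post_journal_entry", "change_vendor_bank_details",
               "approve_purchase_order", "adjust_permissions",
               "change_contact_email"}

@dataclass
class AgentRequest:
    action: str
    target: str              # record acted on, e.g. a vendor or account id
    requester_claim: str     # what the chat user says about themselves (untrusted)
    verified_via: str = ""   # set only by a check against details already on file
    approver: str = ""       # named human who signed off

@dataclass
class Gate:
    audit: list = field(default_factory=list)

    def decide(self, req: AgentRequest) -> str:
        if req.action in AUTO_ALLOWED:
            verdict = "allow"
        elif req.action not in NEEDS_HUMAN:
            verdict = "deny"                    # default deny: outside the agent's scope
        elif not req.verified_via:
            verdict = "hold_for_verification"   # a claim of ownership is not proof
        elif not req.approver:
            verdict = "hold_for_approval"       # human-in-the-loop checkpoint
        else:
            verdict = "allow"
        # Log every decision, including denials and holds, for later review.
        self.audit.append({"action": req.action, "target": req.target,
                           "claim": req.requester_claim,
                           "verified_via": req.verified_via,
                           "approver": req.approver, "verdict": verdict})
        return verdict

def demo():
    """Run constructed sample requests through the gate and return the verdicts."""
    gate = Gate()
    requests = [  # constructed sample input
        AgentRequest("read_po_status", "PO-1001", "buyer"),
        AgentRequest("change_contact_email", "ACCT-7", "I own this account"),
        AgentRequest("change_vendor_bank_details", "V-42", "vendor rep",
                     verified_via="callback_to_number_on_file"),
        AgentRequest("change_vendor_bank_details", "V-42", "vendor rep",
                     verified_via="callback_to_number_on_file", approver="ap.manager"),
        AgentRequest("export_payroll", "ALL", "hr"),
    ]
    return [gate.decide(r) for r in requests], gate.audit
```

The second constructed request mirrors the pattern described in the Meta incident: the only evidence is the requester's own claim, so the gate holds it instead of acting.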
The Meta story is not a Meta problem. It is a preview of every ERP rollout that treats an AI agent as a feature instead of as a privileged identity with the keys to the ledger. The good news is that the talent to get this right exists; you just have to know how to find it and what to test for.
That second part is what I do. If you are thinking through how AI agents change the shape of your next Dynamics or NetSuite hire, let’s talk!