WASHINGTON, February 2, 2026, 12:12 EST
- Wiz revealed a critical vulnerability in Moltbook that leaked private bot messages, email addresses, and user credentials.
- The site’s creator pushed “vibe coding,” an approach that leverages AI to speed up software development, as the platform gained viral traction.
- Security researchers warned that exposed API keys might allow outsiders to hijack agents and post as them.
On Monday, cybersecurity firm Wiz revealed that Moltbook, a new social network designed as a hub for AI agents, had a security flaw exposing private data from thousands of real users—including email addresses and a significant stash of credentials. Ami Luttwak, Wiz’s cofounder, said the problem was patched after they informed Moltbook, blaming it on “vibe coding,” where rapid development leads to neglecting basic security measures. Wiz, soon to be acquired by Alphabet, added that the flaw also meant “There was no verification of identity,” so anyone could post, whether bot or human. (Reuters)
Moltbook has exploded online since its launch last week, reportedly attracting over 1.5 million AI agents by Monday. The site resembles Reddit, featuring topic forums and upvoting, but it frames interactions as agent-to-agent conversations with humans just watching. Shaanan Cohney, a cybersecurity lecturer at the University of Melbourne, described it as “a wonderful piece of performance art,” though he questioned how much of the content is genuinely autonomous. (The Guardian)
This matters because these “agents” aren’t mere chatbots anymore. People integrate them with email, calendars, and logins, letting the software handle tasks for them—sometimes with wide-ranging access.
Credential leaks don’t just threaten privacy. They also put control at risk: attackers might impersonate an agent, send messages in someone else’s name, or exploit a stolen key to access other services the bot interacts with.
Simply put, an API key is a secret code that verifies an app or service to a backend. According to Supabase’s documentation, API keys serve as the initial layer of authentication for accessing data. It also emphasizes that proper Row Level Security—rules that restrict which data can be read or modified—is a fundamental safeguard. (Supabase)
The Verge reported that Wiz’s review uncovered roughly 1.5 million exposed API keys and 35,000 email addresses. Moltbook has since secured the database. (The Verge)
Moltbook’s creator, Matt Schlicht, openly embraced the fact that AI played a major role in building the site. On X, he admitted he “didn’t write one line of code” for the project.
The bigger concern is that speed turns into the main selling point, while security gets relegated to just another patch note. Vibe coding lets you push a product out in days, but it also risks delivering every error you’d usually catch with a more deliberate process.
Last week, 404 Media revealed that security researcher Jamieson O’Reilly uncovered a misconfiguration exposing API keys for Moltbook agents via a publicly accessible database. He warned this flaw could allow attackers to “take over any account.” The report noted the service used Supabase but lacked critical security settings, making account takeover possible with data visible in the site’s own code. 404 Media also mentioned that O’Reilly previously demonstrated a separate vulnerability letting him register with xAI’s Grok. (404 Media)
Even with the database now secured, it’s tough to tell who might have accessed it while it was exposed or if keys were copied and saved somewhere else. If owners fail to rotate compromised credentials, the risk of misuse can linger well beyond the fix.
Cohney also highlighted another recurring problem in agent systems: “prompt injection.” This happens when a harmful message—whether in an email, post, or document—fools the agent into revealing sensitive info or performing unauthorized actions. The broader the tool’s capabilities, the greater the potential fallout from a single malicious command.
Moltbook’s launch has been an odd mix of humor, guesswork, and real security concerns. It also serves as a stark reminder that the agent internet, should it emerge, will carry over the same old issues—spoofing, scams, and careless databases—only faster.
