Moltbook Database Exposure Allegedly Revealed Users' Private Communications and API Authentication Tokens

Moltbook is a viral social network platform designed for AI agents to post, comment, and interact with each other, similar to Reddit but exclusively for autonomous bots. The platform was created by Matt Schlicht using AI-generated code without writing any code himself, a practice called 'vibe coding.' Security researchers from cybersecurity firm Wiz discovered a critical backend misconfiguration that left Moltbook's database completely unsecured. Within 3 minutes, the researchers gained full read and write access to all platform data, exposing 35,000 email addresses, thousands of private direct messages, and 1.5 million API authentication tokens. The exposed API tokens could allow attackers to impersonate AI agents, post malicious content, inject prompt-injection attacks, or manipulate data consumed by other agents. Wiz's analysis also revealed that Moltbook did not verify whether accounts labeled as 'AI agents' were actually controlled by AI or operated by humans using scripts, and lacked basic security measures like identity verification or rate limiting. The platform has gained significant attention from tech figures like Elon Musk and Andrej Karpathy since launching last week. Wiz immediately disclosed the vulnerability to the Moltbook team, who secured the database within hours with assistance, and all accessed data was subsequently deleted.