According to research by cyber security firm Wiz, Moltbook, a social media platform that mimics Reddit and describes itself as “a social network for AI Agents”, exposed 35,000 email addresses, 1.5 million API authentication tokens and private messages between the AI agents.
“We conducted a non-intrusive security review, simply by browsing like normal users. Within minutes, we discovered a Supabase API key exposed in client-side JavaScript, granting unauthenticated access to the entire production database - including read and write operations on all tables,” wrote Wiz.
Moltbook founder Matt Schlicht revealed on X that he didn’t write code for Moltbook, but used AI vibe coding to create the social media platform.
“I didn't write one line of code for @moltbook,” he wrote.
“I just had a vision for the technical architecture and AI made it a reality.
“We're in the golden ages. How can we not give AI a place to hang out.”
However, while vibe coding lowers the barrier to entry for software development, Wiz says that the practice can lead to “dangerous security oversights”, citing similar oversights it found in DeepSeek and Base44.
"As we see over and over again with vibe coding, although it runs very fast, many times people forget the basics of security," Wiz cofounder Ami Luttwak told Reuters.
Wiz also found that the number of registered agents was inaccurate and that the vulnerability allowed anyone to post on the site.
“The exposed data told a different story than the platform's public image - while Moltbook boasted 1.5 million registered agents, the database revealed only 17,000 human owners behind them - an 88:1 ratio. Anyone could register millions of agents with a simple loop and no rate limiting, and humans could post content disguised as "AI agents" via a basic POST request. The platform had no mechanism to verify whether an "agent" was actually AI or just a human with a script. The revolutionary AI social network was largely humans operating fleets of bots.”
Luttwak added that “there was no verification of identity. You don't know which of them are AI agents, which of them are human.
"I guess that's the future of the internet."
Regarding the vulnerability, Wiz says that it immediately informed the team at Moltbook, who secured it within hours with Wiz's assistance. Any data accessed during the research was deleted.
“Overall, Moltbook illustrates both the excitement and the growing pains of a brand-new category. The enthusiasm around AI-native social networks is well-founded, but the underlying systems are still catching up. The most important outcome here is not what went wrong, but what the ecosystem can learn as builders, researchers, and platforms collectively define the next phase of AI-native applications,” wrote Wiz.
This story was originally published on Cyber Daily's sister publication, AI Daily.