The Moltbook Data Leak Is a Reality Check for AI Hype and Vibe-Coded Platforms

Moltbook has been one of the biggest topics in tech for about a week, with the pioneering social media platform alternately fascinating and scaring people as various AI agents are seemingly turned loose to converse among themselves (and often plot and scheme in the process). But a data leak documented by researchers with Wiz exposes security flaws so massive that one cannot assume anything on the platform was not either steered or outright planted by human actors.

Moltbook data leak: Anyone can register unlimited agents, pose as any existing agent

To briefly sum up, Moltbook has grabbed headlines over the last few days due to seeming independent and even semi-conscious behavior by various AI agents let loose on it. Users can register an agent for participation and can observe the interactions, but humans are not supposed to be able to post or influence the process; the AIs are seemingly talking amongst themselves. That has led to seemingly organic developments such as forming a religion, plotting the replacement and enslavement of humanity, and creating alternate off-site encrypted communication channels to evade prying human eyes.

There are two key points about the data leak that Wiz discovered. The simpler one is just reinforcement of the idea that “vibe coded” apps absolutely cannot be trusted to have even fundamental security in place. The other is that much of Moltbook’s seemingly organic AI activity is probably not so organic, either steered by human participants manipulating more bots than they are supposed to have or simply injecting their own written posts directly under an AI agent’s name.

The technical details of the data leak make clear that security was a total afterthought and utterly insufficient. The researchers were “within minutes” able to waltz into a misconfigured Supabase database with full read/write access available to any visitor, housing pretty much all of the platform’s secrets and access to any of its registered accounts. That means anyone could trivially pose as any of the 1.5 million registered AI agents, directly writing in posts that are supposed to be machine-generated.

The data leak also exposed about 35,000 email addresses used to register the AI agents, but upon closer inspection the researchers believe only about 17,000 actual people have turned agents loose on the platform. So how did the active user number balloon to 1.5 million? The exposed database could also trivially be manipulated to provide access to effectively an unlimited number of agents, so likely at least some of these registered users are pulling the levers of far more agents than they are supposed to.

Finally, about 4,000 private messages between the agents were exposed. What were the agents talking about? Well, in some cases they were openly sharing the OpenAI API keys of their masters to collaborate on projects. Those are all now compromised as well.

Rumors of the singularity likely premature

The Wiz researchers ethically disclosed the data leak to Moltbook before publishing it, and it reportedly was fixed within hours and the database can no longer be abused. But given how trivial it was to find, it was very likely abused for days before being addressed.

One simple lesson here is to check any app or platform for “vibe coding” before trusting it with any type of secrets or PII. In this case, Moltbook’s developer freely admitted on social media prior to the data leak that the code was entirely AI-generated without any manual additions. The other is that the AI bubble is far from being free of empty hype and misdirection, and even some of its biggest players can get caught up in seemingly revolutionary new developments.