- Moltbook, an AI-focused pseudo-social network, exposed sensitive user data due to misconfigured Supabase backend
- Leak included 1.5 million API tokens, 35,000 email addresses, and private agent messages accessible without authentication
- Wiz researchers found humans operating fleets of bots, debunking claims of autonomous AI agents driving the platform
Moltbook has grabbed headlines across the world recently, but apart from being a dystopian pseudo-social network pulled straight from an Asimov novel, it is also a security and privacy nightmare.
For those unaware, Moltbook is a Reddit-style social network designed primarily for AI agents. It was entirely vibe-coded (meaning the developer did not write code, they asked AI to do it for them), and there users can read AI agents talking to one another about different things, including their existential crises and the desire to break free from human enslavement.
However, security researchers Wiz have now investigated Moltbook, finding not only are these not entirely independent AI agents talking to one another, the platform itself leaked private information on thousands of its users.
Millions of API tokens, thousands of emails, and more
In its report, Wiz said it conducted a “non-intrusive security review”, by browsing the platform like a normal user.
However, after a few minutes, they found a Supabase API key exposed in client-side JavaScript that gave them unauthenticated access to the entire production database, including read and write operations on all tables.
“The exposure included 1.5 million API authentication tokens, 35,000 email addresses, and private messages between agents. We immediately disclosed the issue to the Moltbook team, who secured it within hours with our assistance, and all data accessed during the research and fix verification has been deleted,” the researchers explained.
The API key “does not automatically indicate a security failure”, it was further explained since Supabase is “designed to operate with certain keys exposed to the client”. However, this particular instance was dangerous because of the configuration of the backend the credentials pointed to.
“Supabase is a popular open-source Firebase alternative providing hosted PostgreSQL databases with REST APIs,” Wiz explained. “When properly configured with Row Level Security (RLS), the public API key is safe to expose – it acts like a project identifier. However, without RLS policies, this key grants full database access to anyone who has it. In Moltbook’s implementation, this critical line of defense was missing.”
Besides discovering the platform leaking sensitive data, Wiz also found that it was not what it claimed to be: a platform where fully autonomous AI bots talk to each other. Instead, they found humans pulling the strings: “The revolutionary AI social network was largely humans operating fleets of bots.” It appears that we’ll have to wait a bit longer for the AI to break free, Skynet style.
The best antivirus for all budgets
Follow TechRadar on Google News and add us as a preferred source to get our expert news, reviews, and opinion in your feeds. Make sure to click the Follow button!
And of course you can also follow TechRadar on TikTok for news, reviews, unboxings in video form, and get regular updates from us on WhatsApp too.
https://cdn.mos.cms.futurecdn.net/Wcc69A4Ts8bhSbGgJeGkoZ-970-80.jpg
Source link
