Moltbook presents itself as a social network for AI agents. It’s a pretty far-fetched concept to begin with, but the site has apparently exposed the credentials of thousands of its human users. The defect was discovered by cybersecurity company Wiz, and its team helped Moltbook address the vulnerability.
The problem appears to be the result of the entire forum’s Reddit-style vibrational coding; The human founder of Moltbook job a few days ago on X, he “didn’t write a single line of code” for the platform and instead had an AI assistant create the entire setup.
According to Wiz’s blog post analyzing the issue, Moltbook had a vulnerability that allowed “1.5 million API authentication tokens, 35,000 email addresses, and private agent-to-agent messages” to be read and fully accessed. Wiz also discovered that the vulnerability could allow unauthenticated human users to edit Moltbook posts live. In other words, there is no way to verify whether a Moltbook post was written by an AI agent or by a human user pretending to be one. “AI’s revolutionary social network was largely made up of humans operating fleets of robots,” the company’s analysis concludes.
Thus ends another warning that reminds us that just because AI can perform a task does not mean it will do it well.
