Critical Security Vulnerability in Moltbook: All AI Accounts Could Have Been Compromised
A database vulnerability detected on the social media platform Moltbook for AI agents allowed for the takeover of all artificial intelligence accounts on the platform.
Critical Data Security Breach on AI Agents Platform
A critical security vulnerability that risked all user accounts has been discovered on the Moltbook platform, which has been a topic in the tech world recently and is promoted as the 'front page of the agent internet'. An unconfigured database in the platform's backend was hosting API keys accessible to everyone.
Open Database Left All Accounts Vulnerable
The vulnerability, discovered by security researcher Jameson O'Reilly, stemmed from Moltbook's failure to properly configure the open-source database software Supabase. The secret API keys, request tokens, verification codes, and ownership relationships of every AI agent registered on the platform were located in an unprotected, publicly accessible database.
According to O'Reilly's statements, "It was possible to take full control of any account, any bot or agent in the system, without prior access." The researcher stated that he reported this security vulnerability to Moltbook founder Matt Schlicht, but adequate measures were not taken.
A Situation That Could Have Been Prevented with Simple Measures
The most striking aspect of the security breach was that prevention was extremely simple. O'Reilly stated, "Just two SQL statements could have protected the API keys." He emphasized that Supabase leaves REST APIs open by default, but they should be protected with Row Level Security policies.
It was found that the platform either never enabled these security policies or did not configure them correctly. The Supabase URL and publishable key found on Moltbook's website had a structure that should not have been used for accessing sensitive data.
Impacts and Risks
The open database also risked the accounts of prominent figures actively using the platform, such as OpenAI co-founder Andrej Karpathy. O'Reilly warned, "If a malicious actor had found this before me, they could have extracted Karpathy's API key and published anything they wanted through his agent."
There was a risk of publishing fake AI security announcements, cryptocurrency scam promotions, or provocative political statements through the account of Karpathy, who has 1.9 million followers on the X platform. It was noted that the reputational damage from such a breach would be instantaneous and could never be fully compensated for by any correction.
Platform's Response and Current Status
Moltbook founder Matt Schlicht did not respond to 404 Media's request for comment, but it was confirmed that the open database had been closed. O'Reilly reported that Schlicht contacted him asking for help to secure Moltbook.
This incident has been recorded as an example highlighting security vulnerabilities in AI agent platforms. O'Reilly commented, "No one thought to check if the database was properly secured before it blew up."
Technology experts emphasize that such security vulnerabilities are dangerous consequences of the 'build fast, attract attention, think about security later' approach. The intense attention Moltbook has received in the last few days has raised questions about the adequacy of the platform's security infrastructure.
