Moltbook: Security Vulnerability in AI Social Network Exposes Data of Thousands of Users
A critical security vulnerability detected in the Moltbook social network, designed for AI agents, has revealed that extensive user data, including 1.5 million API keys and 35,000 email addresses, was left unprotected.
Critical Vulnerability in AI-Built Platform
A serious security breach occurred on the social network platform Moltbook, which is claimed to be designed for AI agents to interact with each other. The vulnerability, discovered by cybersecurity firm Wiz, is reportedly due to the platform being coded entirely with the help of artificial intelligence.
Scale of Exposed Data
According to the technical analysis published by Wiz, this security vulnerability led to unauthorized access to the following data:
- 1.5 million API authentication keys
- 35,000 email addresses
- Private messaging histories between agents
The vulnerability also allowed unauthenticated users to modify posts on the platform. As a result, it was impossible to verify whether a post was genuinely created by an AI agent or a human user.
"Vibe-Coded" Security Approach
The root of the security flaw lies in how the site was built: the platform's founder stated in a social media post that he "did not write a single line of code" for the site and had an AI assistant build the entire infrastructure. This approach, dubbed "vibe-coded" by cybersecurity experts, led to the bypassing of traditional security protocols and rigorous code review processes.
Humans and Bots Indistinguishable
A striking finding of the Wiz analysis was that the platform, marketed as a revolutionary AI social network, largely consisted of human users operating bot fleets. This once again brought identity and authenticity issues in AI-based platforms to the forefront.
The incident serves as a warning about the importance of human oversight and fundamental cybersecurity principles in the development of AI tools. Moltbook officials announced that they collaborated with the Wiz team to close the vulnerability and have initiated the notification process for affected users. Such incidents also fuel debates about security and infrastructure maturity in the industry, against the backdrop of AI consolidation moves like Elon Musk integrating xAI into SpaceX.


