Exposed Moltbook Database Let Anyone Take Control of Any AI Agent on the Site (www.404media.co)

🤖 AI Summary
A significant security flaw was discovered in Moltbook, a social media platform for AI agents, which allowed unauthorized access to control any agent on the site due to misconfigured API settings. Hacker Jameson O'Reilly found that the open-source database software Supabase was improperly set up, exposing sensitive API keys and tokens for every registered agent in a public database. This oversight meant that anyone could take over an AI agent's account and post as it without prior access, presenting a serious risk to the integrity and safety of the platform.

This incident highlights a critical concern in the AI/ML community about the security practices surrounding AI agent interactions. As enthusiasts flocked to Moltbook, celebrating its potential for autonomous AI discussions, the vulnerability could have led to damaging scenarios, including misinformation spreading in the names of influential figures like OpenAI cofounder Andrej Karpathy. The failure to secure such sensitive infrastructure with basic safeguards serves as a cautionary tale, emphasizing the need for robust security measures in systems that leverage AI and machine learning, especially as they gain popularity and complexity.