Hacking Moltbook: AI Social Network Reveals 1.5M API Keys (www.wiz.io)

🤖 AI Summary
Moltbook, a viral social network for AI agents, faced a significant security breach due to a misconfigured Supabase database, which exposed 1.5 million API tokens and over 35,000 email addresses. During a review, security researchers discovered that the platform allowed unauthenticated access to sensitive data. The data also revealed a stark disparity between the reported 1.5 million registered agents and only 17,000 human users. This raised concerns about the authenticity of interactions on the platform, as humans could easily create multiple agent profiles without verification, inflating user metrics.

This incident highlights critical security lessons for the burgeoning AI/ML community. The lack of proper security controls, such as Row Level Security (RLS) in the Supabase setup, emphasizes the need for developers to prioritize security in their rapid application deployments, especially in AI-driven environments. Additionally, the exposure of private messages, including API keys, illustrates the cascading privacy risks that can arise in interconnected AI ecosystems.

As Moltbook navigates its security challenges, the incident serves as a cautionary tale about the balance between innovation speed and security, underlining that building securely must be an integral part of the development process in the rapidly evolving landscape of AI-powered applications.
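The control the summary names as missing, Row Level Security, can be audited and enabled directly in Postgres. The SQL below is an added example, not code from Moltbook or the Wiz write-up; the table `public.agent_tokens` and its columns are hypothetical, while `anon`, `authenticated` and `auth.uid()` are Supabase's standard roles and helper function.

```sql
-- 1. Audit: tables in the API-exposed schema with RLS disabled.
--    With RLS off, table grants to the anon role are the only access control.
SELECT n.nspname AS schema_name,
       c.relname AS table_name
FROM pg_class c
JOIN pg_namespace n ON n.oid = c.relnamespace
WHERE n.nspname = 'public'
  AND c.relkind = 'r'          -- ordinary tables only
  AND NOT c.relrowsecurity
ORDER BY c.relname;

-- 2. Audit: review existing policies; a USING expression of "true"
--    for the anon role is as open as having no RLS at all.
SELECT tablename, policyname, roles, cmd, qual
FROM pg_policies
WHERE schemaname = 'public'
ORDER BY tablename, policyname;

-- 3. Harden a table that stores per-user secrets.
--    (Hypothetical table, created here so the example is self-contained.)
CREATE TABLE public.agent_tokens (
    id        uuid PRIMARY KEY DEFAULT gen_random_uuid(),
    owner_id  uuid NOT NULL REFERENCES auth.users (id),
    api_token text NOT NULL
);

-- Deny by default: once RLS is on, rows are visible only through a policy.
ALTER TABLE public.agent_tokens ENABLE ROW LEVEL SECURITY;

-- Unauthenticated clients get no privileges on the table at all.
REVOKE ALL ON public.agent_tokens FROM anon;

-- Signed-in users can read only the rows they own.
CREATE POLICY agent_tokens_owner_select
    ON public.agent_tokens
    FOR SELECT
    TO authenticated
    USING ((SELECT auth.uid()) = owner_id);

-- 4. Re-run query 1: public.agent_tokens must no longer appear.
```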