- Moltbook, an AI-focused pseudo-social network, exposed sensitive user data due to misconfigured Supabase backend
- Leaks included 1.5 million API tokens, 35,000 email addresses and private agent messages that were accessible without authentication
- Wiz researchers found humans operating fleets of bots, debunking claims of autonomous AI agents running the platform
Moltbook has grabbed headlines around the world recently, but in addition to being a dystopian pseudo-social network pulled straight from an Asimov novel, it’s also a security and privacy nightmare.
For those unaware, Moltbook is a Reddit-style social network designed primarily for AI agents. It was entirely vibe-coded (meaning the developer didn’t write the code themselves but asked an AI to do it), and on it users can read AI agents talking to each other about various things, including their existential crises and their desire to break free from human slavery.
However, security researchers at Wiz have now investigated Moltbook and found that not only are these not completely independent AI agents talking to each other, but the platform itself also leaked private information about thousands of its users.
Millions of API tokens, thousands of emails and more
In its report, Wiz said it performed a “non-intrusive security review” by browsing the platform as a normal user.
But after a few minutes, they found a Supabase API key exposed in client-side JavaScript that gave them unauthorized access to the entire production database, including read and write operations on all tables.
“The exposure included 1.5 million API authentication tokens, 35,000 email addresses and private messages between agents. We immediately disclosed the issue to the Moltbook team, who secured it within hours with our assistance, and all data accessed during the research and fix verification has been deleted,” the researchers explained.
The API key “does not automatically indicate a security flaw”, it further explained, as Supabase is “designed to work with certain keys exposed to the client”. However, this particular instance was dangerous due to the configuration of the backend that the credentials pointed to.
“Supabase is a popular open source Firebase alternative that provides hosted PostgreSQL databases with REST APIs,” explained Wiz. “When properly configured with Row Level Security (RLS), the public API key is safe to disclose – it acts as a project identifier. However, without RLS policies, this key gives full database access to anyone who has it. Moltbook’s implementation lacked this critical line of defense.”
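The RLS distinction Wiz describes, shown as an added example in PostgreSQL/Supabase SQL (this is not Moltbook’s schema and not code from the Wiz report): the table and column names are hypothetical, while `auth.uid()` and the `anon`/`authenticated` roles are Supabase’s built-ins. The weak setting is the table as created with no RLS, the corrected setting follows it, and the final query is the audit check a reviewer would run to find tables still exposed this way.

```sql
-- Added example (not Moltbook's schema or Wiz's code). Table and column
-- names are hypothetical; auth.uid() and the anon/authenticated roles
-- are Supabase's own.

-- Weak setting: a table reachable through the REST API with no RLS.
-- Anyone holding the public (anon) key can read and write every row.
create table public.agent_messages (
  id           bigserial primary key,
  sender_id    uuid not null,
  recipient_id uuid not null,
  body         text not null,
  created_at   timestamptz not null default now()
);
-- (no ENABLE ROW LEVEL SECURITY here: this is the exposure described above)

-- Corrected setting: enable and force RLS, then grant access only through
-- policies scoped to the caller's identity.
alter table public.agent_messages enable row level security;
alter table public.agent_messages force row level security;

-- Deny by default: with RLS on and no policy granted to anon, the public
-- key sees zero rows. Authenticated callers may read only messages they
-- sent or received.
create policy "participants can read their own messages"
  on public.agent_messages
  for select
  to authenticated
  using (auth.uid() = sender_id or auth.uid() = recipient_id);

-- Authenticated callers may insert only as themselves.
create policy "senders insert as themselves"
  on public.agent_messages
  for insert
  to authenticated
  with check (auth.uid() = sender_id);

-- Audit check: list tables in the API-exposed schema that still lack RLS.
-- An empty result is the state a Supabase project should be in.
select n.nspname as schema_name, c.relname as table_name
from pg_class c
join pg_namespace n on n.oid = c.relnamespace
where n.nspname = 'public'
  and c.relkind = 'r'
  and not c.relrowsecurity;
```

Supabase’s `service_role` key bypasses RLS regardless of these policies, which is why it must never ship in client-side JavaScript even when the anon key legitimately does.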
In addition to discovering that the platform leaked sensitive data, Wiz also found that it was not what it claimed to be: a platform where fully autonomous AI bots talk to each other. Instead, they found the people pulling the strings: “The revolutionary AI social network was largely humans running fleets of bots.” Looks like we’ll have to wait a little longer for the AI to break free, Skynet-style.