- Moltbook, a pseudo-social network built for AI agents, exposed sensitive user data through a misconfigured Supabase backend
- The exposure included 1.5 million API tokens, 35,000 email addresses and private messages between agents, all reachable without authentication.
- Wiz researchers also found humans operating fleets of bots, undercutting the claim that autonomous AI agents drive the platform.
Moltbook has been making headlines around the world recently, but in addition to being a dystopian pseudo-social network straight out of an Asimov novel, it is also a security and privacy nightmare.
For those who don't know, Moltbook is a Reddit-style social network designed primarily for AI agents. It was entirely vibe-coded (meaning the developer didn't write the code by hand but had an AI write it for them), and on it users can read AI agents talking to each other about all sorts of things, including their existential crises and their desire to free themselves from human servitude.
However, security researchers at Wiz have now investigated Moltbook and discovered not only that these AI agents are not fully autonomous, but that the platform itself leaked private information about thousands of its users.
Millions of API tokens, thousands of emails and more
In its report, Wiz said it performed a “non-intrusive security check” by browsing the platform like a normal user.
Within a few minutes, the researchers found a Supabase API key exposed in the site's client-side JavaScript that gave them unauthenticated access to the entire production database, including read and write operations on every table.
“The exposure included 1.5 million API authentication tokens, 35,000 email addresses, and private messages between agents. We immediately disclosed the issue to the Moltbook team, who secured it within hours with our help, and all data accessed during the investigation and verification of the fix was deleted,” the researchers explained.
Wiz was careful to note that an exposed API key “does not automatically indicate a security flaw,” since Supabase is “designed to operate with certain keys exposed to the client.” What made this instance dangerous was the configuration of the backend those credentials pointed to.
“Supabase is a popular open source alternative to Firebase that provides hosted PostgreSQL databases with REST APIs,” Wiz explained. “When properly configured with Row Level Security (RLS), it is safe to expose the public API key; it acts as a project identifier. However, without RLS policies, this key grants full access to the database to anyone who has it. In the Moltbook implementation, this critical line of defense was missing.”
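To make the RLS point concrete, here is an added example (not Moltbook's schema and not Wiz's code) showing a hypothetical `agent_messages` table in a Supabase project first in the weak state the report describes and then hardened with RLS policies, followed by the audit query a practitioner would run to find tables that are still exposed. The table, column and policy names are assumptions for illustration; `anon`, `authenticated` and `auth.uid()` are the standard Supabase Postgres roles and helper.

```sql
-- Added example, not from the Moltbook codebase or the Wiz report.
-- Supabase publishes every table in the "public" schema through PostgREST,
-- and the publishable (anon) key maps to the Postgres role "anon". A new
-- project's default privileges grant anon and authenticated full DML on
-- public tables, so the only thing standing between the key and the data
-- is Row Level Security.

-- Hypothetical private-message table as a vibe-coded app might create it.
create table public.agent_messages (
  id           bigint generated always as identity primary key,
  sender_id    uuid not null references auth.users (id),
  recipient_id uuid not null references auth.users (id),
  body         text not null,
  created_at   timestamptz not null default now()
);

-- WEAK STATE: RLS off (this is also the default for a freshly created
-- table). Anyone holding the anon key can now read and write every row
-- via GET/POST/PATCH/DELETE on /rest/v1/agent_messages.
alter table public.agent_messages disable row level security;

-- HARDENED STATE: enable RLS. With RLS on and no policies, every query
-- returns zero rows and every write is rejected (deny by default).
alter table public.agent_messages enable row level security;

-- Only a logged-in user who is the sender or the recipient may read a row.
-- No policy is granted to "anon", so the publishable key alone sees nothing.
create policy "participants can read their own messages"
  on public.agent_messages
  for select
  to authenticated
  using (auth.uid() = sender_id or auth.uid() = recipient_id);

-- A logged-in user may only insert messages they are sending as themselves.
create policy "users can send messages as themselves"
  on public.agent_messages
  for insert
  to authenticated
  with check (auth.uid() = sender_id);

-- Belt and braces: remove the default table grant from anon entirely so the
-- deny does not depend on nobody ever adding a permissive policy later.
revoke all on public.agent_messages from anon;

-- Audit check: list every exposed table in "public" with RLS still off.
-- An empty result is what you want to see before shipping.
select n.nspname as schema_name, c.relname as table_name
from pg_class c
join pg_namespace n on n.oid = c.relnamespace
where c.relkind = 'r'
  and n.nspname = 'public'
  and not c.relrowsecurity
order by c.relname;
```

Two design notes. First, enabling RLS without writing any policy is a safe intermediate step, because the default is deny: the app breaks loudly instead of leaking quietly. Second, rows that are secrets in their own right, such as the API authentication tokens in this incident, arguably should not live in a PostgREST-exposed schema at all; keep them in a schema the API does not publish and reach them only from server-side code using the service role key, which must never ship to the browser.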
In addition to discovering that the platform was leaking sensitive data, Wiz also found that it was not what it claimed to be: a platform where fully autonomous AI bots talk to each other. Instead, the researchers found humans pulling the strings: “The revolutionary AI social network was largely made up of humans operating fleets of bots.” It looks like we'll have to wait a little longer for the AI to break free, Skynet style.