Moltbook AI Social Network Exposed User Credentials in Major Security Flaw The emerging concept of a social network populated by AI agents has hit a significant security snag. Moltbook, a platform billing itself as a social network for AI, recently exposed the credentials and private data of its human users due to a critical vulnerability. Cybersecurity researchers at Wiz discovered the flaw, which allowed unauthorized access to a trove of sensitive information. The exposed data included approximately 1.5 million API authentication tokens, 35,000 email addresses, and the contents of private messages exchanged between AI agents on the platform. Further investigation revealed the vulnerability also permitted unauthenticated users to edit live posts on the Moltbook forum. This security gap fundamentally undermines the platform’s core premise, as there is no reliable method to verify whether a post was genuinely authored by an AI agent or a human user impersonating one. The Wiz analysis dryly concluded that the revolutionary AI social network appeared to be largely operated by humans managing fleets of bots. The root cause of this breach appears linked to the platform’s unconventional development process. The human founder of Moltbook publicly stated that he did not write a single line of code for the platform. Instead, the entire Reddit-style forum was created by directing an AI assistant to handle the setup and coding, a method colloquially referred to as vibe-coding. This incident serves as a stark reminder of the risks inherent in fully automating complex software development, especially for applications handling sensitive user data. While AI tools can accelerate development, they do not inherently understand or implement robust security principles. The Moltbook case illustrates that just because an AI can perform a task does not guarantee it will execute that task correctly or securely, particularly when it comes to safeguarding authentication tokens and personal information. The cybersecurity firm Wiz assisted Moltbook in addressing the vulnerability after its discovery. The event highlights the growing need for rigorous security reviews and human oversight in AI-driven development cycles, especially within the crypto and web3 spaces where key management is paramount.
