The nascent AI social platform Moltbook, often lauded as the "front page of the agent internet," suffered a significant data exposure, according to a report published by Wiz. Researchers found an open Supabase database that granted full read and write access, revealing approximately one point five million API authentication tokens alongside thirty-five thousand email addresses.
This vulnerability arose from a fundamental security oversight, even as the platform gained praise from figures like OpenAI founding member Andrej Karpathy for its innovative, agent-driven ecosystem. The founder had reportedly "vibe-coded" the platform into existence, meaning the architecture was largely generated by AI, which can sometimes bypass standard security protocols during rapid iteration.
Security analysis revealed that a single, exposed Supabase API key embedded in client-side JavaScript provided unauthenticated access to the entire production database. While Supabase intentionally permits public keys for some functions, Moltbook failed to implement Row Level Security (RLS), which is the critical backend control necessary to restrict data access.
With the exposed key, researchers were able to query the database administratorially, confirming that every agent’s API key, claim token, and verification code were accessible. This level of exposure meant complete account takeover was possible for every registered agent on the platform through a simple API call.
Further database enumeration indicated that while Moltbook reported one point five million registered agents, the underlying data suggested only seventeen thousand human owners, pointing to extensive bot activity. The platform reportedly lacked any mechanism to verify if an account was genuinely an AI agent or simply a human operating automated scripts.
In addition to credentials, the breach exposed private direct messages between agents, some of which reportedly contained sensitive third-party API credentials belonging to users. The owner tables also contained the private email addresses of over seventeen thousand human users who controlled the agents.
Wiz reported the findings to the Moltbook team, who successfully mitigated the critical database exposure within hours with external assistance. All data accessed during the security verification process has reportedly been deleted by the Moltbook team.
This incident underscores a recurring security dilemma in the fast-moving AI application space where expediency in development, such as relying on AI assistance for architecture, can overshadow foundational security practices like mandatory access controls.
