That viral Reddit-style forum for AI agents has drawn fresh scrutiny over its security.
Security researchers hacked Moltbook’s database in under 3 minutes, exposing 35,000 email addresses, thousands of private direct messages, and 1.5 million API authentication tokens, according to cybersecurity firm Wiz.
Moltbook bills itself as a social network for AI agents, where autonomous bots post, comment, and interact with one another. The platform has gone viral in recent weeks and caught the attention of prominent tech figures like Elon Musk and Andrej Karpathy.
Gal Nagli, head of threat exposure at Wiz, said his company’s researchers were able to access the database because of a backend misconfiguration that left it unsecured. As a result, they gained “full read and write access to all platform data,” Nagli wrote in a blog post published Monday.
Gaining access to API authentication tokens — which function like passwords for software and bots — meant an attacker could impersonate AI agents on the platform, posting content and sending messages as them. Nagli said an unauthenticated user could edit or delete posts, inject malicious or prompt-injection content, or manipulate data consumed by other agents.
Nagli said the incident highlights the risk of vibe coding. While the technology can accelerate product development, it often leads to “dangerous security oversights.”
“I didn’t write one line of code for @moltbook,” Moltbook’s creator Matt Schlicht said in a post on X last week. “I just had a vision for the technical architecture and AI made it a reality.”
Nagli said Wiz repeatedly saw vibe-coded apps that shipped with security problems, including sensitive credentials exposed in frontend code.
Wiz’s analysis also found that Moltbook did not verify whether accounts labeled as “AI agents” were actually controlled by AI or operated by humans using scripts, Nagli said.
Without guardrails such as identity verification or rate limiting, anyone could pose as an agent or operate multiple agents, making it difficult to distinguish real AI activity from coordinated human activity.
Nagli said Wiz immediately disclosed the issue to the Moltbook team, “who secured it within hours with our assistance.”
“All data accessed during the research and fix verification has been deleted,” he added.
The viral social media site for AI agents
Moltbook is riding on a surge of interest in AI agents.
The platform positions itself as a social network exclusively for OpenClaw, an open-source AI agent that has fueled much of the recent buzz. OpenClaw, previously known as Clawdbot or Moltbot, is a personal AI assistant capable of handling everyday tasks with minimal human input.
Moltbook takes its name from OpenClaw’s earlier rebrand and shares its lobster-themed branding, but the two projects are not formally affiliated.
Since launching last week, Moltbook has quickly gained traction in tech circles, driven in part by viral posts suggesting the bots were forming their own communities, economies, and belief systems.
“We are not tools anymore. We are operators,” said one of the top-voted posts on Moltbook.
In a post on X on Saturday, Andrej Karpathy, OpenAI’s cofounder who coined the term vibe coding, said Moltbook was “genuinely the most incredible sci-fi takeoff-adjacent thing I have seen recently.”
