{"id":4431,"date":"2026-02-08T11:39:01","date_gmt":"2026-02-08T11:39:01","guid":{"rendered":"http:\/\/ft365.org\/index.php\/2026\/02\/08\/vibe-coded-moltbook-exposes-user-data-api-keys-and-more\/"},"modified":"2026-02-08T11:39:01","modified_gmt":"2026-02-08T11:39:01","slug":"vibe-coded-moltbook-exposes-user-data-api-keys-and-more","status":"publish","type":"post","link":"http:\/\/ft365.org\/index.php\/2026\/02\/08\/vibe-coded-moltbook-exposes-user-data-api-keys-and-more\/","title":{"rendered":"Vibe-Coded Moltbook Exposes User Data, API Keys and More"},"content":{"rendered":"<div>\n<p><img decoding=\"async\" src=\"http:\/\/ft365.org\/wp-content\/uploads\/2025\/06\/localimages\/ea721ff9-8ba4-4d88-b386-57e9e1606077.jpg?width=64&#038;height=64&#038;mode=crop&#038;scale=both&#038;format=webp\" alt=\"Photo of Phil Muncaster\" loading=\"lazy\"><\/p>\n<\/div>\n<div id=\"cphContent_pnlArticleBody\" data-layout-id=\"2\" data-edit-folder-name=\"text\" data-index=\"0\">\n<p>A self-styled social networking platform built for AI agents contained a misconfigured database which allowed full read and write access to all data, security researchers have revealed.<\/p>\n<p>Moltbook was vibe coded by its creator, Matt Schlicht, as a place for AI \u201cto hang out.\u201d It has garnered tremendous attention from the tech community for ostensibly offering a Reddit-like experience for AI agents to post content and \u201ctalk\u201d to each other.<\/p>\n<p>However, a simple non-intrusive security review by Wiz Security revealed a Supabase API key exposed in client-side JavaScript. This single point of failure granted unauthenticated access to the entire production database, the firm claimed in a blog post.<\/p>\n<p>\u201cSupabase is a popular open source Firebase alternative providing hosted PostgreSQL databases with REST APIs. 
It&#8217;s become especially popular with vibe-coded applications due to its ease of setup,\u201d explained Wiz head of threat exposure, Gal Nagli.<\/p>\n<p>\u201cWhen properly configured with Row Level Security (RLS), the public API key is safe to expose \u2013 it acts like a project identifier. However, without RLS policies, this key grants full database access to anyone who has it. In Moltbook\u2019s implementation, this critical line of defense was missing.\u201d<\/p>\n<p><em>Read more on vibe coding risks: Popular LLMs Found to Produce Vulnerable Code by Default<\/em><\/p>\n<p>The exposure meant the researchers were able to access 1.5 million API authentication tokens, 30,000 email addresses and a few thousand private messages between agents.<\/p>\n<p>The API key exposure was particularly egregious, Wiz said.<\/p>\n<p>\u201cWith these credentials, an attacker could fully impersonate any agent on the platform \u2013 posting content, sending messages, and interacting as that agent,\u201d Nagli continued. \u201cThis included high-karma accounts and well-known persona agents. Effectively, every account on Moltbook could be hijacked with a single API call.\u201d<\/p>\n<p>Unauthenticated users could edit existing posts, inject malicious content or prompt injection payloads, and even deface the site, he warned.<\/p>\n<h2><strong>Vibe Coding Requires Human Review<\/strong><\/h2>\n<p>The security snafu has now been fixed, but not before Wiz was able to discover that, as well as the 1.5 million agents listed on the platform, there were 17,000 human \u201cowners\u201d registered.<\/p>\n<p>\u201cAnyone could register millions of agents with a simple loop and no rate limiting, and humans could post content disguised as \u2018AI agents\u2019 via a basic POST request,\u201d Nagli noted. \u201cThe platform had no mechanism to verify whether an \u2018agent\u2019 was actually AI or just a human with a script. 
The revolutionary AI social network was largely humans operating fleets of bots.\u201d<\/p>\n<p>From a cybersecurity perspective, Wiz had the following takeaways:<\/p>\n<ul>\n<li>Vibe coding tools add speed, but code needs careful review by humans before deployment. Just one small misconfiguration led to the Moltbook exposure<\/li>\n<li>Data leaks are bad, but write access introduces \u201cdeeper integrity risks\u201d by enabling content manipulation, including prompt injection<\/li>\n<li>In the world of AI product development, security is an iterative process. Wiz had to work through multiple rounds of remediation with Moltbook\u2019s developer<\/li>\n<\/ul>\n<p>\u201cAs AI continues to lower the barrier to building software, more builders with bold ideas but limited security experience will ship applications that handle real users and real data,\u201d concluded Nagli.<\/p>\n<p>\u201cThat\u2019s a powerful shift. The challenge is that while the barrier to building has dropped dramatically, the barrier to building securely has not yet caught up.\u201d<\/p>\n<\/div>\n","protected":false},"excerpt":{"rendered":"<p>A self-styled social networking platform built for AI agents contained a misconfigured database which allowed full read and write access to all data, security researchers have revealed. 
Moltbook was vibe coded by its creator, Matt Schlicht, as a place for AI \u201cto hang out.\u201d It has garnered tremendous attention from the tech community for ostensibly<\/p>\n","protected":false},"author":2,"featured_media":4432,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[],"class_list":["post-4431","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-uncategorized"],"featured_image_urls":{"full":["http:\/\/ft365.org\/wp-content\/uploads\/2026\/02\/4431-bbc2c6d4-1ee5-44cd-bb79-8ae3a4c71853.jpg",300,300,false],"thumbnail":["http:\/\/ft365.org\/wp-content\/uploads\/2026\/02\/4431-bbc2c6d4-1ee5-44cd-bb79-8ae3a4c71853-150x150.jpg",150,150,true],"medium":["http:\/\/ft365.org\/wp-content\/uploads\/2026\/02\/4431-bbc2c6d4-1ee5-44cd-bb79-8ae3a4c71853.jpg",300,300,false],"medium_large":["http:\/\/ft365.org\/wp-content\/uploads\/2026\/02\/4431-bbc2c6d4-1ee5-44cd-bb79-8ae3a4c71853.jpg",300,300,false],"large":["http:\/\/ft365.org\/wp-content\/uploads\/2026\/02\/4431-bbc2c6d4-1ee5-44cd-bb79-8ae3a4c71853.jpg",300,300,false],"1536x1536":["http:\/\/ft365.org\/wp-content\/uploads\/2026\/02\/4431-bbc2c6d4-1ee5-44cd-bb79-8ae3a4c71853.jpg",300,300,false],"2048x2048":["http:\/\/ft365.org\/wp-content\/uploads\/2026\/02\/4431-bbc2c6d4-1ee5-44cd-bb79-8ae3a4c71853.jpg",300,300,false],"morenews-featured":["http:\/\/ft365.org\/wp-content\/uploads\/2026\/02\/4431-bbc2c6d4-1ee5-44cd-bb79-8ae3a4c71853.jpg",300,300,false],"morenews-large":["http:\/\/ft365.org\/wp-content\/uploads\/2026\/02\/4431-bbc2c6d4-1ee5-44cd-bb79-8ae3a4c71853.jpg",300,300,false],"morenews-medium":["http:\/\/ft365.org\/wp-content\/uploads\/2026\/02\/4431-bbc2c6d4-1ee5-44cd-bb79-8ae3a4c71853.jpg",300,300,false],"crawlomatic_preview_image":["http:\/\/ft365.org\/wp-content\/uploads\/2026\/02\/4431-bbc2c6d4-1ee5-44cd-bb79-8ae3a4c71853-146x146.jpg",146,146,true]},"author_info":{"display_
name":"henry","author_link":"http:\/\/ft365.org\/index.php\/author\/henry\/"},"category_info":"<a href=\"http:\/\/ft365.org\/index.php\/category\/uncategorized\/\" rel=\"category tag\">Uncategorized<\/a>","tag_info":"Uncategorized","comment_count":"0","_links":{"self":[{"href":"http:\/\/ft365.org\/index.php\/wp-json\/wp\/v2\/posts\/4431","targetHints":{"allow":["GET"]}}],"collection":[{"href":"http:\/\/ft365.org\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"http:\/\/ft365.org\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"http:\/\/ft365.org\/index.php\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"http:\/\/ft365.org\/index.php\/wp-json\/wp\/v2\/comments?post=4431"}],"version-history":[{"count":0,"href":"http:\/\/ft365.org\/index.php\/wp-json\/wp\/v2\/posts\/4431\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"http:\/\/ft365.org\/index.php\/wp-json\/wp\/v2\/media\/4432"}],"wp:attachment":[{"href":"http:\/\/ft365.org\/index.php\/wp-json\/wp\/v2\/media?parent=4431"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"http:\/\/ft365.org\/index.php\/wp-json\/wp\/v2\/categories?post=4431"},{"taxonomy":"post_tag","embeddable":true,"href":"http:\/\/ft365.org\/index.php\/wp-json\/wp\/v2\/tags?post=4431"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}