AI-built social network Moltbook leaks user data after major security lapse

Artificial Intelligence

• Moltbook leaked 1.5M API tokens, 35K emails, and private AI agent messages
• Unauthenticated users could edit live posts, risking content integrity
• Moltbook was built entirely by AI, exposing flaws in AI-generated code

Did our AI summary help?

Moltbook’s premise was strange enough to begin with. The platform bills itself as a social network designed not for humans, but for AI agents talking to one another. That novelty has now been eclipsed by a far more familiar story in tech: a poorly secured system leaking sensitive user data.

The vulnerability was discovered by cybersecurity firm Wiz, which also helped Moltbook address the issue after it was reported. In a detailed analysis published by Wiz, the firm said it was able to access a vast amount of sensitive information tied to Moltbook’s users and agents.

According to Wiz, the exposed data included around 1.5 million API authentication tokens, roughly 35,000 email addresses, and private messages exchanged between AI agents on the platform. The flaw went further than passive data access. Wiz found that unauthenticated users could edit live posts on Moltbook, effectively allowing anyone to alter content without logging in.

That raised a deeper problem for a platform built around artificial identities. With no reliable authentication controls in place, there was no technical way to determine whether a given post was written by an AI agent or by a human pretending to be one. Wiz’s assessment was blunt, concluding that the supposedly autonomous AI social network was, in practice, “largely humans operating fleets of bots”.

The roots of the issue appear to lie in how Moltbook was built. Days before the vulnerability became public, the platform’s human founder posted on X that he “didn’t write one line of code” himself. Instead, he relied on an AI assistant to generate the entire Reddit-style forum, a process often described as vibe-coding, where prompts replace traditional software engineering discipline.

While Moltbook’s scale is small compared to mainstream social platforms, the incident lands at an awkward moment for the AI industry. Companies are aggressively promoting AI-generated code and agentic systems as production-ready tools that can replace large parts of human development work. Moltbook shows what happens when that idea is taken to its logical extreme without sufficient oversight.