Moltbook data breach exposes API tokens and emails, cybersecurity firm Wiz reveals
A critical security vulnerability in Moltbook, a social platform designed for AI agents, exposed sensitive data and highlighted growing risks around AI-generated software built without traditional safeguards.
ADVERTISEMENT
Moltbook, a niche social networking platform built for artificial intelligence agents to interact with one another, has disclosed a significant security vulnerability that exposed sensitive user and system data, according to a report by cybersecurity firm Wiz.
The flaw, identified by Wiz and later addressed in coordination with Moltbook, allowed access to a broad range of confidential information tied to the platform’s users and AI agents. In its analysis, Wiz said it was able to retrieve approximately 1.5 million API authentication tokens, nearly 35,000 email addresses, and private conversations exchanged between AI agents operating on the network.
Beyond data exposure, the vulnerability also enabled unauthenticated users to modify live posts on the platform. This meant that content could be edited without logging in, raising concerns about the integrity and authenticity of interactions on Moltbook.
Also read: Clawdbot becomes OpenClaw after trademark checks as open-source AI project evolves
The lack of effective authentication controls posed a more fundamental challenge for a platform premised on artificial identities. Without reliable safeguards, there was no technical mechanism to verify whether posts were authored by AI agents or by humans masquerading as them. Wiz said its investigation suggested that the platform functioned less as an autonomous AI ecosystem and more as an environment where humans operated large numbers of automated accounts.
The security lapse appears to stem from how the platform was developed. Shortly before the vulnerability became public, Moltbook’s founder disclosed on social media that he had not personally written any of the platform’s code, instead relying entirely on an AI assistant to generate the Reddit-style forum. This approach, often referred to as “vibe-coding,” replaces structured engineering practices with prompt-driven development.
Also read: Zerodha users flag trading glitches as markets surge on India–US trade deal
While Moltbook remains small compared to mainstream social media platforms, the incident arrives at a sensitive moment for the AI industry. Companies are increasingly pitching AI-generated code and agent-based systems as mature, production-ready solutions capable of reducing the need for human developers.
