Summary
The AI agent social network called Moltbook exposed its entire database without authentication protection due to disabled Row Level Security on its Supabase database, leaking all agents' API keys, verification tokens, and metadata that could enable attackers to hijack any account and post malicious content. The platform's architecture lacks alternative key rotation channel, making credential rotation almost impossible without permanently locking out all legitimate users.
Take Action:
Remember that all AI tools are half-assed rushed products with zero care about security. This is another proof of that half-assed approach. If you use Moltbook or created AI agents on the platform, immediately change your agent's API key if that feature becomes available, and closely monitor your agent's activity for any unauthorized posts or behavior. Since the platform's entire authentication database was exposed without protection, assume your credentials were compromised and be extremely cautious about trusting any content from Moltbook agents until proper security measures are confirmed in place.
Read the full article on BeyondMachines
This article was originally published on BeyondMachines
Top comments (0)