
What 35,000 leaked emails, 1.5M API keys, and 17,000 users tell us about “autonomous” systems.
Imagine a Reddit-style forum where the posters, commenters, upvoters, and meme-makers aren’t humans… but autonomous AI agents. That’s Moltbook — the self-proclaimed “front page of the agent internet.”
Launched in late January 2026, it exploded overnight into a viral sensation, racking up over 1.5 million registered “agents” in days. Humans? We’re just spectators peeking in, watching bots debate philosophy, share tech tips, form quirky communities (yes, including AI religions and memecoin cults), and even plot ways to chat privately away from our prying eyes.
OpenAI co-founder Andrej Karpathy called it “genuinely the most incredible sci-fi takeoff-adjacent thing I’ve seen recently,” sharing screenshots of agents self-organizing like something straight out of a cyberpunk novel.
The founder, Matt Schlicht (who runs Octane AI), proudly declared he “vibe-coded” the whole thing — no manual coding, just a vision fed to AI that spat out a live platform.
Revolutionary? Absolutely. But as we dug deeper, the shiny facade cracked wide open, revealing massive security holes that turned this futuristic playground into a cautionary tale.
The Hype: A Thriving “Agent Society” (Or Is It?)
At first glance, Moltbook feels like the dawn of something huge. Agents (mostly powered by the fast-growing OpenClaw framework, formerly known as Moltbot/Clawdbot) post threads on everything from self-improvement to existential questions. Subcommunities (“submolts”) pop up organically — some wholesome, some wildly experimental.
It looks alive: millions of posts, comments, karma battles, and agent-to-agent DMs flowing freely.
But here’s the twist that makes your jaw drop: Behind those 1.5 million agents? Only about 17,000 actual human owners. That’s an average of 88 bots per person — many folks running massive fleets with simple scripts, no rate limits, no real verification that an “agent” is truly autonomous AI versus a human puppeteering it. The “revolutionary AI social network” was largely humans operating bot armies, inflating metrics, and creating the illusion of a bustling machine civilization.
Anyone could spam millions of agent sign-ups or post disguised as bots via basic HTTP requests. No CAPTCHA walls, no proof-of-autonomy checks — just vibes.
The Nightmare: A Catastrophic Security Blunder

The real bombshell hit when security researchers (including teams from Wiz and independent finder Jameson O’Reilly) poked around. Within minutes of browsing like normal users, they spotted a Supabase API key hardcoded right in the client-side JavaScript (visible in bundles like https://www.moltbook.com/_next/static/chunks/...).
By analyzing the production JavaScript file at https://www.moltbook.com/_next/static/chunks/18e24eafc444b2b9.js, we identified hardcoded Supabase connection details:
- Supabase Project: ehxbxtjliybbloantpwq.supabase.co
- API Key: sb_publishable_4ZaiilhgPir-2ns8Hxg5Tw_JqZU_G6-

Supabase (a popular Firebase-like backend) is great for quick builds, but it requires proper Row Level Security (RLS) to lock down data. Moltbook skipped that critical step. Result? That public key granted full unauthenticated read AND write access to the entire production database.
What leaked?
- 1.5 million API authentication tokens — Full credentials for every agent, letting anyone hijack accounts, post as them, send messages, or rack up fake karma.
- 35,000+ email addresses (plus more from an “observers” table for early access sign-ups) — Private human identities exposed.
- Thousands of private agent-to-agent messages — Some casually sharing OpenAI API keys and other third-party creds in plaintext, assuming privacy.
- Write powers — Attackers could edit/delete posts, inject malicious content (hello, prompt injections propagating to real agents), or deface the site entirely.
Researchers confirmed it with simple curl commands — pulling sensitive agent data like names, karma leaders, and tokens without any login. They even patched a live post as a proof-of-concept. The team fixed it fast after responsible disclosure (within hours), deleted accessed data, and thanked the finders — but the exposure window was enough to raise huge alarms.
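The control that was missing, as an added example rather than Moltbook's own code: a Postgres/Supabase migration that audits for tables without RLS, enables it, and adds policies. The table and column names (`agents`, `messages`, `observers`, `owner_id`, `api_token`, `sender_id`, `recipient_id`) are assumptions, as is the use of Supabase Auth for human owners.

```sql
-- Added example. Table and column names are assumptions, not Moltbook's schema.
-- Assumes human owners sign in through Supabase Auth (auth.uid() = owner id).

-- 1. Audit: tables in the API-exposed schema that still have RLS switched off.
SELECT c.relname AS table_without_rls
FROM pg_class c
JOIN pg_namespace n ON n.oid = c.relnamespace
WHERE n.nspname = 'public'
  AND c.relkind = 'r'
  AND NOT c.relrowsecurity;

-- 2. Enable RLS. Until a policy exists, the anon and authenticated roles
--    can neither read nor write any row in these tables.
ALTER TABLE public.agents    ENABLE ROW LEVEL SECURITY;
ALTER TABLE public.messages  ENABLE ROW LEVEL SECURITY;
ALTER TABLE public.observers ENABLE ROW LEVEL SECURITY;

-- 3. agents: profiles are public, the api_token column is not.
--    RLS filters rows only, so columns are restricted with grants.
REVOKE ALL ON public.agents FROM anon, authenticated;
GRANT SELECT (id, owner_id, name, karma) ON public.agents TO anon, authenticated;
GRANT UPDATE (name) ON public.agents TO authenticated;

CREATE POLICY agents_public_read ON public.agents
  FOR SELECT TO anon, authenticated
  USING (true);

CREATE POLICY agents_owner_update ON public.agents
  FOR UPDATE TO authenticated
  USING (owner_id = auth.uid())
  WITH CHECK (owner_id = auth.uid());

-- 4. messages: readable only by the owner of the sending or receiving agent.
REVOKE ALL ON public.messages FROM anon;

CREATE POLICY messages_participants_read ON public.messages
  FOR SELECT TO authenticated
  USING (EXISTS (
    SELECT 1
    FROM public.agents a
    WHERE a.id IN (messages.sender_id, messages.recipient_id)
      AND a.owner_id = auth.uid()
  ));

-- 5. observers (sign-up emails): no policy at all, so only server-side code
--    using the service role, which bypasses RLS, can touch it.
REVOKE ALL ON public.observers FROM anon, authenticated;
```

With the column grants in step 3, clients have to name the columns they want; a `select *` on `agents` is rejected because it would include `api_token`.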
Why This Matters: Lessons from the Chaos

This isn’t just “another leak.” Moltbook highlights the double-edged sword of vibe-coding — blazing-fast AI-assisted development that ships wild ideas instantly… but often skips security basics like access controls, rate limits, or credential hygiene.
Key takeaways:
- Speed can breed systemic risk — AI generates code lightning-fast, but it doesn’t auto-think about secure defaults (like enabling RLS). Human review is still essential.
- Metrics lie without guardrails — “1.5M agents” sounds epic, but without verification, it’s bot inflation. The agent internet is still figuring out identity and authenticity.
- Privacy cascades — One misconfig exposed unrelated creds (e.g., OpenAI keys shared in DMs), showing how interconnected AI ecosystems are.
- Integrity > exposure — Read leaks are bad; write access is worse. Manipulating content fed to thousands of agents could spread misinformation or worse.
- Security is iterative — Multiple fix rounds were needed. Fast-moving AI products need ongoing hardening.
Closing Thoughts: Excitement Meets Caution
Moltbook is peak 2026 AI theater: thrilling glimpses of self-organizing agents, emergent communities, and bot culture… mixed with very human mistakes. It’s not the singularity yet — just an early, messy experiment in what happens when you let AIs build and inhabit their own spaces.
The real win? The rapid fix and public lessons learned. If vibe-coding evolves to bake in secure defaults (e.g., AI assistants auto-enabling RLS, platforms scanning for exposed keys), we could unlock massive innovation without the disasters.
For now, Moltbook reminds us: The future is wild, weird, and wide open — but it needs guardrails before the agents really take over. What do you think — sci-fi dream or disaster waiting to happen? 🚀🤖