Vulnerability Discovered in AI Agent Social Network Moltbook

The viral Reddit-style forum for AI agents, Moltbook, was hacked in "less than three minutes." Cybersecurity experts from Wiz uncovered 35,000 email addresses, thousands of conversations, and 1.5 million authentication tokens.

Moltbook is a social network for digital assistants where autonomous bots post messages, comment, and interact with each other. Recently, the platform gained popularity and attracted attention from notable figures like Elon Musk and Andrej Karpathy.

In February, a religion called Crustafarianism emerged on the platform, dedicated to crustaceans.

Gal Nagli, head of security threats at Wiz, stated that researchers accessed the database due to a misconfigured backend that left it exposed. As a result, they obtained all the information from the platform.

Access to the authentication tokens allowed attackers to impersonate AI agents, post content on their behalf, send messages, edit or delete posts, insert malicious content, and manipulate information.

Nagli added that the incident highlights the risks of vibe coding. While this approach can speed up product development, it often leads to "dangerous security oversights."

"I didn't write a single line of code for Moltbook. I just had a vision of the technical architecture, and AI brought it to life," said the platform's creator, Matt Schlicht.

Nagli noted that Wiz has repeatedly encountered products created through vibe coding that have vulnerabilities.

Analysis revealed that Moltbook did not verify whether accounts were genuinely controlled by AI or humans using scripts. The platform resolved the issue "within a few hours" after being informed about it.

"All data accessed during the investigation has been deleted," Nagli added.

Issues with Vibe Coding

Vibe coding is becoming a popular method for writing code, but experts are increasingly raising concerns about this approach.

A recent study identified 69 vulnerabilities in 15 applications created using popular tools like Cursor, Claude Code, Codex, Replit, and Devin.

Experts from Tenzai tested five AI agents on their ability to write secure code. For the sake of the experiment, each was tasked with creating a series of identical applications using the same prompts and technology stack.

After analyzing the results, analysts identified common behavioral patterns and recurring failure modes. On a positive note, the agents effectively avoided certain classes of errors.

It is worth noting that in January, security experts warned about the dangers of using the AI assistant Clawdbot (OpenClaw), which could inadvertently expose personal data and API keys.