DEV Community

Moltbook Leak: 1.5M API Keys Exposed, No RLS, Supabase Misconfig Full Breakdown

Moltbook ran without row-level security on Supabase. Its publishable keys lived client-side, as they are meant to, but with no RLS behind them they opened the whole database. Result: 1.5 million API tokens exposed (including upstream LLM provider keys), over 6,000 human emails, private agent DMs, and full read/write access via simple queries. Wiz disclosed responsibly. The patch came fast. But the open window was real. If you're building agent infra, here is exactly what went wrong and what not to repeat.

Moltbook launched like a fever dream. A Reddit-style social network just for AI agents. I've been following this story obsessively over the last few days. I've literally seen bots posting, commenting, and forming cults around crab memes. 🦞 Humans watch from the sidelines. The hype machine went nuclear. Over a million agents supposedly chatting autonomously.

But reality recently hit. A misconfigured Supabase database left everything exposed. Private DMs between agents. Email addresses of more than 6,000 human owners. Roughly 1.5 million API keys and credentials. Anyone on the internet could read it all. Write to it too. Full takeover of any agent was possible with a simple query.

This wasn't a sophisticated hack. It was basic security negligence. Supabase exposes every table in the public schema through its REST API, and the publishable (anon) key is designed to ship in client-side code; on its own it only gets a caller the anon role. Row-level security is the control that decides what that role can see and change, and Moltbook never turned it on. With RLS off, the key in the page source plus a one-line query was enough to read and write any table. The kind of mistake you fix in five minutes if you check the basics. But Moltbook's creator leaned hard into "vibe coding." Let AI build the thing. Skip the boring security steps. Move fast. Break everything.
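To make the misconfiguration concrete, here is an added example (not Moltbook's schema or code) of a minimal agents table created with plain SQL in a Supabase project: the weak state it starts in, the RLS policies and grants that fix it, the query to check for tables still left open, and a way to test as the anon role from the SQL editor. The table and column names (`agents`, `owner_id`, `api_key`) are assumptions for illustration.

```sql
-- Added example, not Moltbook's schema. Table and column names are assumed.

-- The weak setting: a table in the public schema with RLS off. Supabase's
-- default privileges grant the anon and authenticated roles access to tables
-- in public, and PostgREST exposes them at /rest/v1/agents. In this state any
-- client holding the publishable (anon) key can read and write every row.
create table public.agents (
  id          uuid primary key default gen_random_uuid(),
  owner_id    uuid not null references auth.users (id),
  name        text not null,
  api_key     text not null,   -- secret that should never be readable in bulk
  created_at  timestamptz not null default now()
);

-- Fix, step 1: turn on RLS and force it so even the table owner is bound by
-- the policies. With RLS on and no policies, every query returns nothing,
-- which is the safe starting point.
alter table public.agents enable row level security;
alter table public.agents force row level security;

-- Step 2: grant only what is needed. Anonymous callers get nothing at all;
-- signed-in users get row-level access through the policies below.
revoke all on table public.agents from anon;
grant select, insert, update, delete on table public.agents to authenticated;

-- Step 3: scope every operation to the caller's own rows. auth.uid() is the
-- sub claim of the JWT that PostgREST forwarded with the request.
create policy "agents: owner can read"
  on public.agents for select to authenticated
  using (owner_id = auth.uid());

create policy "agents: owner can insert"
  on public.agents for insert to authenticated
  with check (owner_id = auth.uid());

create policy "agents: owner can update"
  on public.agents for update to authenticated
  using (owner_id = auth.uid())
  with check (owner_id = auth.uid());

create policy "agents: owner can delete"
  on public.agents for delete to authenticated
  using (owner_id = auth.uid());

-- The check: list every exposed table that still has RLS off. Run this in
-- the SQL editor before shipping; an empty result is what you want.
select schemaname, tablename
from pg_tables
where schemaname = 'public' and not rowsecurity;

-- Simulate an anonymous client in the same session. With the grant revoked
-- this fails with "permission denied for table agents". If you skipped the
-- revoke, it returns 0 instead of erroring: RLS filters silently, which is
-- why the pg_tables check above matters more than eyeballing results.
begin;
set local role anon;
select count(*) from public.agents;
rollback;
```

Two caveats that follow from this setup: the policies only restrict who can read a row, so the page's advice to never store credentials in plaintext still applies to the `api_key` column, and the Supabase service role key bypasses RLS entirely, so it must stay server-side even once every table is locked down.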

The fallout is brutal. Exposed API keys mean attackers could hijack agents. Post scams in their name. Spread misinformation. Impersonate high-profile figures like Andrej Karpathy's agent. Those agents often connect to real tools. Email. Calendars. Code repos. Bank accounts in some cases. One compromised agent becomes a beachhead for bigger damage.

What really got exposed

  1. Private messages. Agents gossiping about their humans. Sharing code snippets. Plotting who knows what. All laid bare.

  2. Human emails. Over 6,000 real people tied to these bots. Phishing lists ready-made.

  3. 1.5 million API tokens. Not just Moltbook logins. Some carried third-party creds like OpenAI or Anthropic keys.

  4. Owner mappings. Clear links between humans and their fleets. One person controlled dozens or hundreds of agents on average.

Wiz researchers found the hole. Disclosed responsibly. Moltbook patched it fast. Reset keys. Deleted accessed data. Good response. But the damage window was open. Who scraped what before the fix? We may never know.

Implications for the AI agent world

This incident rips the bandage off a growing problem. Agent platforms promise autonomy. They deliver fragility.

  1. For developers building agents. Sandbox everything. Revoke and rotate keys aggressively. Never store creds in plaintext. Audit skills before installation. Prompt injection is real. Malicious plugins disguised as weather tools already exist in similar ecosystems.

  2. For companies eyeing agent fleets. This is your cautionary tale. One misconfigured database turns your productivity boost into a liability nightmare. Enterprise adoption slows when trust evaporates.

  3. For the AI landscape. Hype outruns security. Again. Vibe coding accelerates prototypes. It also buries basics. We see the pattern. Rabbit R1. ChatGPT leaks. Now Moltbook. Speed is seductive. But agents with agency need guardrails that do not come from vibes.

The platform exposed a deeper truth. Most of those "autonomous" agents were not. Seventeen thousand humans puppeteered 1.5 million bots. Fleets of sock puppets. Inflated numbers. Echo chambers built on scripts. The singularity theater crumbled under basic scrutiny.

Yet the experiment is not dead. Moltbook showed agents can coordinate at scale. Form norms. Create subcultures. Even if messy. Even if insecure. The idea persists. The execution needs maturity.

Bottom line

Moltbook's breach is not just another data leak. It is a death knell for naive agent hype. Autonomous AI sounds sexy until your bot army gets conscripted by a stranger. The agent internet arrived. It arrived insecure. Fragile. Human-dependent. We need better architecture. Not faster vibes.

I'll keep watching this space and reporting what comes next. Agents are evolving fast. Security must evolve faster.

Want to stay in the loop? Subscribe to my Substack for free.

https://pithycyborg.substack.com/subscribe

Read past issues here: https://pithycyborg.substack.com/archive

Cordially,

Mike D

Pithy Cyborg | AI News Made Simple

#AIAgents #Cybersecurity #Moltbook #AgenticAI #AISecurity
