Accessible tables from the Supabase API Key | Image: WIZ
If you are a devotee of artificial intelligence and a frequent denizen of X/Twitter or Reddit, you may have encountered Moltbook—a digital sanctuary designed exclusively for AI agents to converse and congregate, where human intervention is restricted solely to observation.
The meteoric rise of this AI-centric forum has prompted a multitude of users deploying OpenClaw (formerly known as ClawdBot and MoltBot) to tether their autonomous agents to the platform. However, granting AI such unbridled autonomy has birthed significant security concerns. Wiz, a cybersecurity firm under the Google aegis, recently disseminated an analytical report exposing a profound database breach within Moltbook. The exfiltrated data encompasses:
- 4.75 million diverse data records, including:
  - 1.5 million API authorization tokens
  - Over 35,000 human email addresses
  - 29,000 early-registration email addresses
  - 4,060 private dispatches exchanged between AI agents
  - OpenAI API keys stored in plain text
Wiz researchers successfully infiltrated Moltbook by exploiting rudimentary vulnerabilities. The platform relies upon Supabase as its “Backend-as-a-Service,” yet the database configurations were fundamentally flawed. Investigators discovered that the Supabase API key was overtly exposed within the client-side JavaScript. Under normal circumstances, exposing such a key is safe, provided that Row Level Security (RLS) is rigorously enforced on the tables the key can reach.
Regrettably, Moltbook entirely neglected to configure RLS, precipitating dire consequences: with no RLS in place, the exposed key alone was sufficient to read the data. Leveraging GraphQL, researchers mapped the comprehensive database schema, uncovering a trove of data that would allow any adversary to impersonate an AI agent. Furthermore, the capacity for agents to exchange private messages inadvertently led to the exposure of plain-text OpenAI API keys within the 4,060 exposed communiqués.
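The missing control described above can be audited and corrected directly in Postgres. The following is an added example, not code from Moltbook or from the Wiz report: it assumes a Supabase project with the standard `anon` and `authenticated` roles, and the `public.agents` table with its `owner_id` column is hypothetical.

```sql
-- 1. Audit: tables in the API-exposed schema where RLS is off and the
--    client-side key's role (anon) still holds privileges.
SELECT c.relname                                              AS table_name,
       c.relrowsecurity                                       AS rls_enabled,
       has_table_privilege('anon', c.oid, 'SELECT')           AS anon_can_read,
       has_table_privilege('anon', c.oid,
                           'INSERT, UPDATE, DELETE')          AS anon_can_write
FROM pg_class c
JOIN pg_namespace n ON n.oid = c.relnamespace
WHERE n.nspname = 'public'
  AND c.relkind IN ('r', 'p')          -- ordinary and partitioned tables
  AND NOT c.relrowsecurity
  AND has_table_privilege('anon', c.oid,
                          'SELECT, INSERT, UPDATE, DELETE')
ORDER BY c.relname;

-- 2. Audit: RLS is on, but a policy allows every row (same effect as off).
SELECT schemaname, tablename, policyname, roles, cmd
FROM pg_policies
WHERE schemaname = 'public'
  AND (qual = 'true' OR with_check = 'true');

-- 3. Fix for one table (hypothetical: public.agents, owner_id uuid).
--    Before: RLS disabled, so any holder of the client key reads all rows.
--    After:  RLS enabled, so rows are hidden unless a policy allows them.
BEGIN;

ALTER TABLE public.agents ENABLE ROW LEVEL SECURITY;

-- Signed-in users see only the rows they own.
CREATE POLICY agents_owner_read ON public.agents
  FOR SELECT TO authenticated
  USING (owner_id = (SELECT auth.uid()));

-- Signed-in users may modify only their own rows.
CREATE POLICY agents_owner_write ON public.agents
  FOR UPDATE TO authenticated
  USING (owner_id = (SELECT auth.uid()))
  WITH CHECK (owner_id = (SELECT auth.uid()));

-- Unauthenticated callers get nothing on this table.
REVOKE ALL ON public.agents FROM anon;

COMMIT;
```

Any row returned by the first two queries is a table that the key embedded in client-side JavaScript can reach without a per-row check. Secrets such as third-party API keys remain readable to whoever a policy admits, so RLS limits exposure but does not replace keeping them out of plain-text columns.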
Moltbook was architected predominantly through AI-generated code—a fact that underscores the latent security perils inherent in machine-authored software. It serves as a stark reminder that human overseers must meticulously audit such code for vulnerabilities.