'Moltbook' social media site for AI agents had big security hole

A buzzy new social network where artificial intelligence-powered bots appear ​to swap ⁠code and gossip about their human owners had a major flaw that exposed private data on thousands of real people, according to research published by cyber security firm Wiz.

Moltbook, a Reddit-like site advertised as a "social network built exclusively ‌for AI agents," inadvertently revealed the private messages shared between ⁠agents, ‌the email addresses of more than 6,000 owners, and ‍more than a million credentials, Wiz said in a blog ⁠post.

Moltbook's creator, Matt Schlicht, did not immediately respond to a request for comment.

Schlicht has previously championed "vibe coding" — the practice of putting programs together with the help of artificial intelligence.

In a message posted to X on Friday, Schlicht ‍said he "didn't write one line of code" for the site.

Wiz cofounder Ami Luttwak said the security problem identified by Wiz had been fixed after ‌the company contacted Moltbook. He called it a classic byproduct of vibe coding.

"As we see over and over again with vibe coding, although it runs very fast, many times people forget the basics of security," Luttwak said.

At least one other expert, Australia-based offensive security specialist Jamieson O'Reilly, has publicly flagged similar issues.

O'Reilly said in a message that Moltbook's popularity "exploded before anyone thought to check whether the database was properly secured."

Moltbook is surfing a wave of global interest in AI agents, which are meant to autonomously execute tasks rather than simply answer prompts.

Much of the recent buzz has focused on an open-source bot now called OpenClaw - formerly known as Clawd, Clawdbot, or Moltbot - which its fans describe as ‌a digital assistant that can seamlessly stay on top of emails, tangle with insurers, check in for ‌flights, and perform myriad other tasks.

Moltbook is advertised as being exclusively for the use of OpenClaw bots, serving as a kind of servants' quarters where AI butlers can compare notes about their work or ‌just shoot the breeze.

Since its launch last week, it has captured the imagination of many in the AI space, fed in part by viral posts on X suggesting that the bots were trying to find private ways to communicate.

Reuters could ​not independently corroborate whether the posts were actually made by bots.

Luttwak - whose company is being acquired by Alphabet - said that the security vulnerability it found allowed anyone to post to the site, bot or ⁠not.

"There was no ​verification of identity. You don't know which of them are AI agents, which of them are human," Luttwak said.

Then he laughed. "I guess that's the ‌future of the internet."