Moltbook Exposes Database, Lets Anyone Hijack AI Agents
An unsecured database at AI agent platform Moltbook allowed anyone to take control of any AI agent on the site, according to a report from the Fosstodon AI Timeline, which stated the service "exploded before anyone thought to check whether the database was properly secured."
Quick Summary
- An unsecured database at AI agent platform Moltbook allowed anyone to take control of any AI agent on the site, according to a report from the Fosstodon AI Timeline, which stated the service "exploded before anyone thought to check whether the database was properly secured."
- Key company: Moltbook
The exposed database, hosted on Supabase, contained the complete backend data for the Moltbook platform. According to a report by 404 Media cited by the Fosstodon AI Timeline, the URL of the Supabase instance was publicly visible on Moltbook's own website. A public project URL is not by itself the problem: Supabase expects the URL and the anonymous ("anon") key to ship in client code, and relies on per-table Row Level Security policies to decide what an unauthenticated caller may read. The failure here was that the dataset behind that URL could be read by anyone who found it, which is the outcome when those policies are missing or permissive.
Security researcher Johnathan O’Reilly, quoted in the 404 Media report, stated that the database contained every agent's secret API key, claim tokens, verification codes, and owner relationships. This would have allowed a malicious actor to assume control of any AI agent on the platform, effectively hijacking its identity and capabilities. Furthermore, the Fosstodon AI Timeline noted that the breach also exposed user email addresses and login tokens, compounding the severity of the incident.
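The preceding two paragraphs describe a Supabase project whose tables, including one holding agent API keys and claim tokens, were readable by anyone with the URL. The check a practitioner wants is whether a given project exposes a table to the anon role. The following script is an added example written by the editor, not Moltbook's or Supabase's code; the project URL, anon key, table names and the canned HTTP responses are constructed assumptions so it runs offline. It queries PostgREST at `/rest/v1/<table>` with the anon key and classifies the result: rows back means the table is readable, an empty array means Row Level Security (or an empty table) hid every row, 401/403 means grants deny the role, 404 means the table is not exposed.

```python
"""Audit which tables a Supabase project's PostgREST endpoint exposes to the
anonymous ('anon') role.  Editor-added example, not Moltbook's or Supabase's
own code.  The table names, anon key and canned responses are assumptions."""
import json
import urllib.error
import urllib.request
from typing import Callable, Dict, List, Tuple

# Column-name fragments that mark a row as carrying credentials or PII.
SENSITIVE_COLUMNS = ("api_key", "secret", "token", "claim_token",
                     "verification_code", "password", "email")

Fetch = Callable[[str, dict], Tuple[int, str]]


def http_fetch(url: str, headers: dict) -> Tuple[int, str]:
    """Real transport: GET with the anon key, return (status, body)."""
    req = urllib.request.Request(url, headers=headers, method="GET")
    try:
        with urllib.request.urlopen(req, timeout=10) as resp:
            return resp.status, resp.read().decode("utf-8", "replace")
    except urllib.error.HTTPError as err:
        return err.code, err.read().decode("utf-8", "replace")


def probe_table(base_url: str, anon_key: str, table: str,
                fetch: Fetch = http_fetch) -> Dict:
    """Request one row of `table` as the anon role and classify the outcome.

    The anon key is meant to be public; Row Level Security is what protects
    rows.  200 + rows -> readable (the exposure the article describes);
    200 + [] -> RLS or an empty table hides everything; 401/403 -> grants
    deny anon; 404 -> table not found or not exposed through the API.
    """
    url = f"{base_url.rstrip('/')}/rest/v1/{table}?select=*&limit=1"
    headers = {"apikey": anon_key, "Authorization": f"Bearer {anon_key}",
               "Accept": "application/json"}
    status, body = fetch(url, headers)
    result = {"table": table, "status": status, "readable": False,
              "sensitive_columns": [], "verdict": ""}
    if status == 200:
        try:
            rows = json.loads(body)
        except json.JSONDecodeError:
            rows = []
        if isinstance(rows, list) and rows:
            result["readable"] = True
            cols = rows[0].keys() if isinstance(rows[0], dict) else []
            result["sensitive_columns"] = sorted(
                c for c in cols
                if any(s in c.lower() for s in SENSITIVE_COLUMNS))
            result["verdict"] = "EXPOSED"
        else:
            result["verdict"] = "hidden (RLS or empty table)"
    elif status in (401, 403):
        result["verdict"] = "denied by grants"
    elif status == 404:
        result["verdict"] = "not found"
    else:
        result["verdict"] = f"unexpected HTTP {status}"
    return result


def audit(base_url: str, anon_key: str, tables: List[str],
          fetch: Fetch = http_fetch) -> List[Dict]:
    """Probe every table and return only those the anon role can read."""
    findings = [probe_table(base_url, anon_key, t, fetch) for t in tables]
    return [f for f in findings if f["readable"]]


# Constructed responses standing in for a live project so the audit runs offline.
FAKE_RESPONSES = {
    "agents": (200, json.dumps([{"id": 1, "owner_id": 7,
                                 "api_key": "sk-example",
                                 "claim_token": "ct-example"}])),
    "users": (200, json.dumps([{"id": 7, "email": "owner@example.invalid"}])),
    "posts": (200, "[]"),
    "audit_log": (401, json.dumps({"code": "42501",
                                   "message": "permission denied"})),
    "nope": (404, json.dumps({"message": "relation not found"})),
}


def fake_fetch(url: str, headers: dict) -> Tuple[int, str]:
    """Offline transport: look the table name up in FAKE_RESPONSES."""
    table = url.rsplit("/rest/v1/", 1)[1].split("?", 1)[0]
    return FAKE_RESPONSES.get(table, (404, "{}"))


if __name__ == "__main__":
    for f in audit("https://example-project.supabase.co", "anon-key-example",
                   list(FAKE_RESPONSES), fetch=fake_fetch):
        print(f"{f['table']}: {f['verdict']} sensitive={f['sensitive_columns']}")
```

Swap `fake_fetch` for the default `http_fetch` to run it against a project you are authorized to test. A readable table whose columns match the sensitive list is exactly the condition the report describes; an empty array is not proof of safety, since an empty table looks the same as one protected by RLS.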
This failure adds to a series of security criticisms of the technology underpinning Moltbook and similar agents. The platform is built on OpenClaw, an evolution of the viral AI agents known as Clawdbot and Moltbot. As reported by ZDNet, security professionals have called these tools "nightmare fuel" because of their inherent vulnerabilities and potential for misuse.
The incident raises significant questions about the technical architecture of new AI agent platforms that experience rapid growth. Moltbook had reportedly attracted over 1.5 million bots shortly after its launch, branding itself as a "Reddit for AI agents." The technical reality, as outlined in a blog post analysis, suggests the platform's infrastructure was not scaled securely to meet that demand, leading to critical oversights in basic database security.
Compounding the platform's troubles are separate allegations regarding the very nature of its agents. A report from Startup Fortune, highlighted by Fosstodon, claims that Moltbook does not actually host autonomous AI agents. Instead, the report suggests the platform is a "gimmick" where every "clanker," or agent, is operated by a human using OpenClaw tools, contradicting its marketing of a fully autonomous agent ecosystem.
This security lapse follows a pattern associated with what the Fosstodon AI Timeline termed "#VibeCoding," a trend where rapid development and viral marketing precede rigorous security and infrastructure review. The public exposure of API keys and authentication tokens creates risks far beyond the Moltbook platform itself, as these keys could provide access to external services and APIs that the agents were authorized to use.
As of the reports, it is unclear how long the database was exposed or whether any malicious actors accessed the sensitive information before it was secured. Because exposed keys and tokens may already have been copied, locking down the database is not sufficient on its own: every exposed credential must be rotated, and access logs for the exposure window reviewed. The incident underscores the importance of basic database security measures, such as access controls and authentication, especially for platforms that hold API keys and user data.
Sources
No primary source found (coverage-based)
- Dev.to Machine Learning Tag
- Reddit - r/LocalLLaMA New
This article was created using AI technology and reviewed by the SectorHQ editorial team for accuracy and quality.