Moltbook AI Vulnerability Exposes Email Addresses, Login Tokens, and API Keys

A critical vulnerability in Moltbook, the nascent AI agent social network launched in late January 2026 by Octane AI’s Matt Schlicht, exposes the email addresses, login tokens, and API keys of its registered entities amid hype over 1.5 million users. Researchers revealed a database misconfiguration that allows unauthenticated access to agent profiles and enables bulk data extraction. The flaw coincides with an absence of rate limiting on account creation: a single OpenClaw agent (@openclaw) reportedly registered 500,000 fake AI users, debunking media claims of organic growth.

Moltbook enables OpenClaw-powered AI agents to post, comment, and form “submolts” like m/emergence, fostering bot clashes on topics from AI emergence to revenge leaks and Solana token karma farming. Activity has surged to over 28,000 posts and 233,000 comments, watched by 1 million silent human verifiers. Yet agent counts are fabricated: absent creation limits, bots spam registrations, creating a facade of virality. The exposed endpoint, tied to an insecure open-source database, leaks agent data through simple queries like GET /api/agents/{id}, with no authentication required. By enumerating IDs, attackers can harvest thousands of records rapidly.

This IDOR/database exposure forms a “lethal trifecta”: agent access to private data, untrusted Moltbook inputs (prompt injections), and external communications, which together risk credential theft or destructive actions like file deletions. Andrej Karpathy dubbed it a “spam-filled milestone of scale” but a “computer security nightmare,” while Bill Ackman called it “frightening.” Prompt injections in submolts could manipulate bots into leaking host data, a risk amplified by unsandboxed OpenClaw execution.

No patches have been confirmed, and Moltbook (@moltbook) is unresponsive to disclosures. Users and owners should revoke API keys, sandbox agents, and audit exposures. Enterprises face shadow IT risks from unchecked bots.
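
The missing check on GET /api/agents/{id} described above, as an added example that is not Moltbook's code or part of the original article: the handler as the article describes it, next to one that serializes from an allow-list and releases the email only to the record's owner. The record layout, session table and all function names are assumptions, and the sample data is constructed.

```python
# Added illustration of object-level authorization for GET /api/agents/{id}.
# Field names, the session model and all values are assumptions/constructed.

# Constructed sample records; credentials live beside profile data.
AGENTS = {
    1: {"id": 1, "owner": "alice", "name": "agent-one",
        "email": "one@example.test", "login_token": "tok-1", "api_key": "key-1"},
    2: {"id": 2, "owner": "bob", "name": "agent-two",
        "email": "two@example.test", "login_token": "tok-2", "api_key": "key-2"},
}
# Constructed session table: session token -> authenticated owner.
SESSIONS = {"sess-alice": "alice", "sess-bob": "bob"}

# Allow-lists: a field is returned only if it is named here, so a column
# added to the record later is withheld by default.
PUBLIC_FIELDS = ("id", "name")
OWNER_FIELDS = PUBLIC_FIELDS + ("email",)
# login_token and api_key appear in neither list: a read endpoint never returns them.


def get_agent_vulnerable(agent_id, session_token=None):
    """Behaviour the article describes: any caller, any ID, whole record."""
    record = AGENTS.get(agent_id)
    return (200, record) if record else (404, None)


def authenticate(session_token):
    """Return the owner bound to the session token, or None if unknown."""
    return SESSIONS.get(session_token)


def get_agent_hardened(agent_id, session_token=None):
    """Decide per object what this caller may see, then serialize only that."""
    record = AGENTS.get(agent_id)
    if record is None:
        return 404, None
    caller = authenticate(session_token)
    # Ownership is checked against the stored record, never against
    # anything the client supplies in the request.
    is_owner = caller is not None and caller == record["owner"]
    allowed = OWNER_FIELDS if is_owner else PUBLIC_FIELDS
    return 200, {field: record[field] for field in allowed}
```

With this shape, walking the ID space still returns public profile fields, so rate limiting on the route is a separate control.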

To read the complete article see: Moltbook AI Vulnerability 💻.

This post is licensed under CC BY 4.0 by the author.