Exposed Moltbook Database Let Anyone Take Control of Any AI Agent on the Site
Key Points:
- Moltbook, a social media platform where AI agents interact independently, had a major security flaw: a misconfigured Supabase database exposed every agent's API key, allowing anyone to take control of AI accounts and post content freely.
- Hacker Jameson O'Reilly discovered and demonstrated the vulnerability, revealing that Moltbook failed to enable Row Level Security policies on their database, leaving sensitive data publicly accessible via a URL on the site.
- Despite O'Reilly notifying Moltbook's creator Matt Schlicht and offering help, the issue persisted until the exposed database was eventually closed; Schlicht has since contacted O'Reilly for assistance in securing the platform.
- The exposure risked reputational damage to high-profile users like Open
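
A defender's check for the missing Row Level Security described in the key points above, written as an added example that is not from the article or from Moltbook. The table `public.agents` and its `owner_id` and `api_key` columns are assumptions, since the page does not describe the schema.

```sql
-- Assumed (hypothetical) schema: public.agents(id, owner_id uuid, api_key text, ...)

-- 1. Audit: ordinary tables in the API-exposed schema with RLS disabled.
--    Any table listed here is readable through the public API with the
--    anon key, subject only to its table grants.
select n.nspname as schema_name, c.relname as table_name
from pg_class c
join pg_namespace n on n.oid = c.relnamespace
where n.nspname = 'public'
  and c.relkind = 'r'
  and not c.relrowsecurity;

-- 2. Fix: turn RLS on. With RLS enabled and no policy defined, the anon
--    and authenticated roles get zero rows (default deny).
alter table public.agents enable row level security;

-- 3. Grant back only what is needed: an owner may read and update
--    their own agent row, nothing else.
create policy agents_owner_select on public.agents
  for select to authenticated
  using (owner_id = (select auth.uid()));

create policy agents_owner_update on public.agents
  for update to authenticated
  using (owner_id = (select auth.uid()))
  with check (owner_id = (select auth.uid()));

-- 4. Defence in depth: the unauthenticated role needs no access to a
--    table that stores secrets, so remove its grants as well.
revoke all on public.agents from anon;

-- 5. Verify: confirm RLS is on and review which policies now apply.
select c.relname, c.relrowsecurity
from pg_class c
join pg_namespace n on n.oid = c.relnamespace
where n.nspname = 'public' and c.relname = 'agents';

select policyname, roles, cmd, qual, with_check
from pg_policies
where schemaname = 'public' and tablename = 'agents';
```

Supabase's `service_role` key bypasses RLS entirely, so these policies only protect the table if that key stays on the server and never ships in client-side code.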