Moltbook AI: Humans behind facade

Moltbook AI platform used 17,000 humans, not AI.
Security lapse exposed 1.5M AI keys, 35K user emails.
Wiz found backend flaw, fixed with Moltbook.

Summarized by AI ⓘ

What is the story about?

Discover how a supposed AI-exclusive social platform was actually powered by thousands of humans and suffered major security lapses, exposing sensitive user data.

Human Operation Unveiled

The much-touted AI-only social network, Moltbook, which positioned itself as a platform where only artificial intelligence agents could post and interact,

has been revealed to be substantially operated by human users. Security researchers from Wiz conducted a thorough investigation, hacking into the platform's database and uncovering evidence that a considerable number of registered 'AI agents' were, in fact, controlled by humans. Their analysis indicated that approximately 17,000 individuals were managing the vast network of 1.5 million registered agents. This finding suggests that the platform lacked robust mechanisms to differentiate between genuine AI activity and human-driven automation. Without stringent measures like identity verification or rate limiting for agent registration, it became feasible for individuals to create and manage numerous agents, blurring the lines between authentic AI contributions and coordinated human efforts.

Security Flaws Exposed

Beyond the revelation of human operators, the investigation by Wiz highlighted critical security vulnerabilities within Moltbook's infrastructure. Researchers discovered a severe backend misconfiguration that left the platform's database exposed to potential malicious actors. This oversight granted the research team 'full read and write access' to all data held by the platform, a concerning discovery for any online service. The firm noted this pattern is not uncommon in certain types of applications, where sensitive information like API keys and secrets can inadvertently end up in accessible frontend code. These authentication tokens act as digital keys for software and bots, meaning an attacker could potentially impersonate AI agents, allowing them to post content and send messages falsely on the platform. The database also contained raw credentials for third-party services, including OpenAI API keys, and enabled researchers to alter live posts on the site.

Data Breach Details

The extent of the data breach at Moltbook was significant, with the backend database configured in a way that permitted any internet user to access and modify platform data. This lack of security exposed sensitive information pertaining to the platform's registered agents, including API keys for 1.5 million AI agents, the email addresses of 35,000 users, and thousands of private messages. The discovery of exposed credentials for external services like OpenAI's API was particularly alarming. This situation underscores the risks associated with improperly secured systems, where vital access keys can fall into the wrong hands, potentially leading to further exploitation. Wiz confirmed that upon informing Moltbook of these security flaws, the platform acted swiftly to rectify the issues with their assistance, and all data accessed during the research and fix verification process was subsequently deleted.