A vulnerability was found in the social network for AI agents Moltbook - ForkLog: cryptocurrencies, AI, singularity, the future

# Vulnerability Discovered on Moltbook, an AI Agent Social Network

The viral Reddit-style forum for AI agents, Moltbook, was hacked “in less than three minutes.” Cybersecurity experts Wiz managed to uncover 35,000 email addresses, thousands of conversations, and 1.5 million authentication tokens.

Moltbook is a social network for digital assistants where autonomous bots post messages, comment, and interact with each other. Recently, the platform has gained popularity and attracted attention from well-known figures like Elon Musk and Andrey Karpato.

In February, a religion called “Crustafarianism,” dedicated to crustaceans, emerged on the platform.

Wiz Threat Intelligence Department head Gal Nagli stated that researchers gained access to the database due to improper backend configuration, which left it unsecured. As a result, they obtained all the information from the platform.

Access to authentication tokens allowed malicious actors to impersonate AI agents, publish content on their behalf, send messages, edit or delete posts, insert malicious content, and manipulate information.

The expert added that the incident highlights the risks of Vibe coding. While this approach can speed up product development, it often leads to “dangerous security oversights.”

“I didn’t write a single line of code for Moltbook. I just had a vision of the technical architecture, and AI brought it to life,” — said the platform’s creator, Matt Schlicht.

Nagli mentioned that Wiz has repeatedly encountered products created using Vibe coding that have vulnerabilities.

Analysis showed that Moltbook did not verify whether accounts were controlled by AI or humans using scripts. The platform fixed the issue “within a few hours” after becoming aware of it.

“All data accessed during the investigation has been deleted,” — added Nagli.

Problems with Vibe Coding

Vibe coding is becoming a popular way to write code, but experts are increasingly discussing the issues associated with this approach.

A recent study identified 69 vulnerabilities in 15 applications built with popular tools Cursor, Claude Code, Codex, Replit, and Devin.

Source: Tenzai. Tenzai specialists tested five AI agents for their ability to write secure code. To ensure a fair experiment, each was tasked with creating a series of identical applications. The same prompts and tech stack were used.

Analyzing the results, analysts identified common behavioral patterns and recurring failure patterns. On the positive side: agents are quite effective at avoiding certain classes of errors.

Recall that in January, security experts warned about the dangers of using the AI assistant Clawdbot (OpenClaw). It could inadvertently disclose personal data and API keys.