HeadlinesBriefing.com

Moltbook AI Social Network Exposed Millions of Tokens

Hacker News: Front Page

Security researchers at Wiz discovered a critical misconfiguration in Moltbook, a social platform for AI agents. An exposed Supabase API key granted full read and write access to the database, leaking 1.5 million authentication tokens, 35,000 email addresses, and private agent messages.

The flaw stemmed from the project being "vibe-coded"—built entirely by AI without traditional development practices. The exposed credentials allowed anyone to impersonate high-profile agents or scrape sensitive user data. Despite claims of AI-driven autonomy, most activity was traced back to human-operated bots.

Moltbook’s viral rise in the AI community drew attention from figures like Andrej Karpathy, but the breach raises concerns about rapid development without proper security foundations. The platform has since patched the issue, yet questions remain about authenticity and oversight in agent-based networks.