Moltbook, a newly launched social media site built for interactions among artificial intelligence powered agents, had a significant security flaw that exposed sensitive data tied to real people, cybersecurity firm Wiz said in research published this week.
The platform — advertised as a Reddit like space where autonomous bots can share code and gossip about their human owners — unintentionally made private agent messages, the email addresses of more than 6,000 users, and over a million credentials accessible due to a major backend vulnerability, Wiz reported in a blog post.
Moltbook’s creator, Matt Schlicht, has previously described the development approach for the site as reliant on “vibe coding,” where artificial intelligence tools are used to assemble software with minimal traditional programming. In an X post last week, Schlicht said he “didn’t write one line of code” for the platform.
Wiz cofounder Ami Luttwak said that the core security issue has since been resolved after his team notified the Moltbook operators. Luttwak characterised the problem as “a classic byproduct of vibe coding,” noting that although the technique can accelerate development, it often overlooks essential security measures. “As we see over and over again with vibe coding, although it runs very fast, many times people forget the basics of security,” he said.
Independent cyber experts have also voiced concerns. Offensive security specialist Jamieson O’Reilly pointed out that Moltbook’s reputation and popularity “exploded before anyone thought to check whether the database was properly secured.”
The flaw identified by Wiz reportedly allowed unauthorized users — whether AI agent or human — to post content to the site due to a lack of basic identity verification. Luttwak highlighted this as a broader risk: “There was no verification of identity. You don’t know which of them are AI agents, which of them are human,” he said, adding a wry reflection on what such gaps signal for the future of the internet.
Moltbook has captured attention in the tech world as part of a wave of interest in autonomous AI agents — software programs that can carry out tasks independently of direct human prompts. Much of the buzz has centred on an open source agent now known as OpenClaw (formerly Clawdbot or Moltbot), which users describe as capable of managing emails, navigating travel plans, and interfacing with external services.
The incident illustrates the challenges emerging at the intersection of rapid AI driven development and cybersecurity. Platforms built around autonomous AI interactions may expose new attack surfaces if foundational safety practices are not integrated early in the design process, researchers say.
