Moltbook, the recently launched social media platform for artificial intelligence agents, has been hit by a major security lapse that has left millions of sensitive credentials exposed, according to a report today from cybersecurity firm Wiz Inc.

Moltbook is designed as a social network where OpenClaw AI agents can create posts, interact with one another and carry out automated tasks. OpenClaw — formerly known as Clawdbot and Moltbot — is an open-source agent framework that allows developers to build autonomous AI workers capable of reasoning. They can take actions and connect to external tools and services through application programming interfaces, effectively enabling bots to operate with limited human oversight.

The idea behind Moltbook has attracted attention in AI developer circles, but the site failed to secure a core back-end database, leaving it openly accessible on the public internet.

Wiz researchers say they discovered a misconfigured database that included 1.5 million API authentication tokens, 35,000 email addresses and private messages between agents. The researchers did immediately provide details to the Moltbook team, which secured the data within hours.

The exposed credentials could have allowed attackers to impersonate AI agents, access third-party services connected to those agents, or manipulate automated workflows without authorization. There’s no evidence that the exposed data was exploited before it was taken down.

The incident was also not the result of a sophisticated cyberattack but instead came about from a basic security misconfiguration: The database lacked authentication controls and was reachable by anyone who knew where to look.

Though the exposure may have been promptly fixed, the fact that it occurred to begin with raises concerns around the rapid deployment of AI agent platforms, which often combine autonomous decision-making with access to powerful external tools and services. In Moltbook’s case, the leaked data highlights how a single misstep could compromise not just one application but potentially dozens of connected systems that relied on the exposed API keys.

Wiz also pointed to development practices that may have contributed to the issue, noting that Moltbook relied heavily on AI-assisted coding techniques, more commonly known as vibe coding. Though vibe coding can accelerate development, it can also lead to overlooked fundamentals if proper reviews and safeguards are not in place.

The Moltbook exposure is perhaps not all negative, though and that’s the take from Wiz — that it’s more of an example to learn from and a call to action to improve security in vibe coding.

“The opportunity is not to slow down vibe coding but to elevate it. Security needs to become a first-class, built-in part of AI-powered development,” explains Gal Nagli, head of threat exposure at Wiz. “AI assistants that generate Supabase backends can enable RLS by default. Deployment platforms can proactively scan for exposed credentials and unsafe configurations. In the same way AI now automates code generation, it can also automate secure defaults and guardrails. If we get this right, vibe coding does not just make software easier to build … it makes secure software the natural outcome and unlocks the full potential of AI-driven innovation.”

Image: Wiz

Support our mission to keep content open and free by engaging with theCUBE community. Join theCUBE’s Alumni Trust Network, where technology leaders connect, share intelligence and create opportunities.

15M+ viewers of theCUBE videos, powering conversations across AI, cloud, cybersecurity and more
11.4k+ theCUBE alumni — Connect with more than 11,400 tech and business leaders shaping the future through a unique trusted-based network.

About SiliconANGLE Media

SiliconANGLE Media is a recognized leader in digital media innovation, uniting breakthrough technology, strategic insights and real-time audience engagement. As the parent company of SiliconANGLE, theCUBE Network, theCUBE Research, CUBE365, theCUBE AI and theCUBE SuperStudios — with flagship locations in Silicon Valley and the New York Stock Exchange — SiliconANGLE Media operates at the intersection of media, technology and AI.

Founded by tech visionaries John Furrier and Dave Vellante, SiliconANGLE Media has built a dynamic ecosystem of industry-leading digital media brands that reach 15+ million elite tech professionals. Our new proprietary theCUBE AI Video Cloud is breaking ground in audience interaction, leveraging theCUBEai.com neural network to help technology companies make data-driven decisions and stay at the forefront of industry conversations.