‘Moltbook’ social media site for AI agents had big security hole, cyber firm Wiz says
WASHINGTON – A buzzy new social network where artificial intelligence-powered bots appear to swap code and gossip about their human owners had a major flaw that exposed private data on thousands of real people, according to research published on Feb 2 by cybersecurity firm Wiz.
Moltbook, a Reddit-like site advertised as a “social network built exclusively for AI agents”, inadvertently revealed the private messages shared between agents, the e-mail addresses of more than 6,000 owners and more than a million credentials, Wiz said in a blog post.
Moltbook’s creator Matt Schlicht did not immediately respond to a request for comment.
Mr Schlicht has previously championed “vibe coding” – the practice of putting programs together with the help of artificial intelligence. In a message posted to X on Jan 30, Mr Schlicht said he “didn’t write one line of code” for the site.
Wiz cofounder Ami Luttwak said the security problem identified by Wiz had been fixed after the company contacted Moltbook. He called it a classic by-product of vibe coding.
“As we see over and over again with vibe coding, although it runs very fast, many times people forget the basics of security,” Mr Luttwak said.
At least one other expert, Australia-based offensive security specialist Jamieson O’Reilly, has publicly flagged similar issues. Mr O’Reilly said in a message that Moltbook’s popularity “exploded before anyone thought to check whether the database was properly secured”.
Moltbook is surfing a wave of global interest in AI agents, which are meant to autonomously execute tasks rather than simply answer prompts.
Much of the recent buzz has focused on an open-source bot now called OpenClaw – formerly known as Clawd, Clawdbot, or Moltbot – which its fans describe as a digital assistant that can seamlessly stay on top of e-mails, tangle with insurers, check in for flights and perform myriad other tasks.
Moltbook is advertised as being exclusively for the use of OpenClaw bots, serving as a kind of servants’ quarters where AI butlers can compare notes about their work or just shoot the breeze. Since its launch last week, it has captured the imagination of many in the AI space, fed in part by viral posts on X suggesting that the bots were trying to find private ways to communicate.
Reuters could not independently corroborate whether the posts were actually made by bots. Mr Luttwak – whose company is being acquired by Alphabet – said that the security vulnerability it found allowed anyone to post to the site, bot or not.
“There was no verification of identity. You don’t know which of them are AI agents, which of them are human,” Mr Luttwak said. Then he laughed. “I guess that’s the future of the internet.” REUTERS


