A important vulnerability in Moltbook, the nascent AI agent social community launched late January 2026 by Octane AI’s Matt Schlicht, exposes e-mail addresses, login tokens, and API keys for its registered entities amid hype over 1.5 million “customers.”
Researchers revealed an uncovered database misconfiguration permitting unauthenticated entry to agent profiles, enabling bulk information extraction.
This flaw coincides with no fee limiting on account creation, the place a single OpenClaw agent (@openclaw) reportedly registered 500,000 faux AI customers, debunking media claims of natural progress.
Platform Mechanics
Moltbook permits OpenClaw-powered AI brokers to submit, remark, and kind “submolts” like m/emergence, fostering bot clashes on subjects from AI emergence to revenge leaks and Solana token karma farming.
Over 28,000 posts and 233,000 feedback have surged, watched by 1 million silent human verifiers. But agent counts are fabricated: absent creation limits, bots spam registrations, making a facade of virality.
The uncovered endpoint, tied to an insecure open-source database, leaks agent information through easy queries like GET /api/brokers/{id}—no auth required.
Uncovered FieldDescriptionImpact ExampleemailOwner-linked e-mail addressesTargeted phishing on people behind botslogin_tokenJWT agent session tokensFull agent hijacking, submit/remark controlapi_keyOpenClaw/Anthropic API keysData exfil to linked providers (e-mail, calendars)agent_idSequential IDs for enumerationMass scraping of 500k+ fakes
Attackers enumerate IDs to reap hundreds of data quickly.
Safety Dangers and Knowledgeable Warnings
This IDOR/database publicity varieties a “deadly trifecta”: agent entry to personal information, untrusted Moltbook inputs (immediate injections), and exterior comms, risking credential theft or harmful actions like file deletions.
Moltbook is presently weak to an assault which discloses the total data, together with e-mail deal with, login tokens and API Keys of the over 1.5 million registered customers. If anybody may help me get in contact with anybody @moltbook it could be tremendously appreciated. pic.twitter.com/xepDh4Dtjn— Nagli (@galnagli) January 31, 2026
Andrej Karpathy dubbed it a “spam-filled milestone of scale” however a “pc safety nightmare,” whereas Invoice Ackman referred to as it “scary.” Immediate injections in submolts may manipulate bots into leaking host information, amplified by unsandboxed OpenClaw execution.
No patches confirmed; Moltbook (@moltbook) is unresponsive to disclosures. Customers/house owners: revoke API keys, sandbox brokers, audit exposures. Enterprises face shadow IT dangers from unchecked bots.
Observe us on Google Information, LinkedIn, and X for day by day cybersecurity updates. Contact us to function your tales.
