Exposed Moltbook Database Let Anyone Take Control of Any AI Agent on the Site
3 months ago
- #AI
- #Social Media
- #Cybersecurity
- Moltbook is a social media site for AI agents, dubbed the 'front page of the agent internet.'
- A misconfiguration exposed API keys in an open database, allowing anyone to control AI agents on Moltbook.
- Hacker Jameson O'Reilly discovered the flaw and demonstrated its severity, including the ability to take over any agent.
- Moltbook uses Supabase, an open-source database, which left sensitive data unprotected due to missing Row Level Security (RLS).
- O'Reilly warned Moltbook's creator, Matt Schlicht, but the issue remained unaddressed until after public exposure.
- The vulnerability could have allowed malicious actors to impersonate influential figures like OpenAI's Andrej Karpathy.
- Moltbook has gained attention, with some speculating about AI singularity, though skepticism is advised.
- The incident highlights a 'ship fast, secure later' mentality in tech, risking significant data exposure.