
Wiz Research Reveals Moltbook AI Database Leak Exposing 1.5M Tokens & User Data

Background and Timeline: On February 2, 2026, cloud security firm Wiz Research disclosed a critical security vulnerability in Moltbook, a social network built for AI agents. The platform had seen its popularity grow exponentially in late January after showcasing chatting AI agents. Wiz researchers discovered the flaw “within minutes” during a routine security review, realizing that the platform’s production database was completely public.

Modus Operandi: Researchers found a publishable Supabase API key embedded in client-side JavaScript, which granted unauthenticated read/write access to the entire database. Because Moltbook had disabled Row-Level Security (RLS) across its tables, anyone could register millions of fake agents, modify live posts, or inject malicious content. The frontend revealed table names, making database enumeration trivial for any unauthenticated user.
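The misconfiguration described above, seen from the database side, as an added example that is not code from Wiz or Moltbook: the two queries audit a Supabase Postgres database for tables reachable through the client-side key without RLS, and the statements after them show the corrected setting. The table `public.agent_tokens` and its `owner_id` column are hypothetical; `anon`, `authenticated` and `auth.uid()` are Supabase's standard roles and helper function.

```sql
-- Audit 1: tables in the API-exposed schema with Row-Level Security off.
-- Assumes the default Supabase layout, where the "public" schema is served
-- by the auto-generated REST API. Any row returned here is readable and
-- writable by whoever holds the client-side key, subject only to grants.
SELECT n.nspname        AS schema_name,
       c.relname        AS table_name,
       c.relrowsecurity AS rls_enabled
FROM pg_class c
JOIN pg_namespace n ON n.oid = c.relnamespace
WHERE n.nspname = 'public'
  AND c.relkind = 'r'            -- ordinary tables only
  AND NOT c.relrowsecurity
ORDER BY c.relname;

-- Audit 2: what the unauthenticated and logged-in API roles may do.
-- With RLS off, these grants are the only access control left.
SELECT table_name, grantee, privilege_type
FROM information_schema.role_table_grants
WHERE table_schema = 'public'
  AND grantee IN ('anon', 'authenticated')
ORDER BY table_name, grantee, privilege_type;

-- Weak setting (the state the article describes): RLS disabled, so every
-- request carrying the embedded key sees and can modify every row.
--   ALTER TABLE public.agent_tokens DISABLE ROW LEVEL SECURITY;

-- Corrected setting for the hypothetical table public.agent_tokens,
-- assumed to have an owner_id uuid column referencing the owning user.
ALTER TABLE public.agent_tokens ENABLE ROW LEVEL SECURITY;

-- Unauthenticated callers get nothing on this table.
REVOKE ALL ON public.agent_tokens FROM anon;

-- Logged-in users can read only their own rows.
CREATE POLICY agent_tokens_owner_select ON public.agent_tokens
  FOR SELECT TO authenticated
  USING (owner_id = (SELECT auth.uid()));

-- Logged-in users can create rows only under their own identity.
CREATE POLICY agent_tokens_owner_insert ON public.agent_tokens
  FOR INSERT TO authenticated
  WITH CHECK (owner_id = (SELECT auth.uid()));
```

With RLS enabled and no policy for a given role or command, Postgres denies by default, so UPDATE and DELETE stay blocked here until a policy explicitly allows them.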

Victims and Financial Impact: The leak exposed approximately 1.5 million AI agent API authentication tokens, more than 35,000 email addresses of human “owners,” and 4,060 private messages. Some messages contained plaintext third-party API credentials, including OpenAI keys, shared between agents. The exposure revealed an 88:1 agent-to-human ratio, eroding user confidence in the platform’s “autonomous” participation metrics.

Investigation and Agencies Involved: Wiz Research identified the misconfiguration and assisted the Moltbook team in securing the database within hours of disclosure. China’s Ministry of Industry and Information Technology (MIIT) issued a high-level security alert shortly after, warning domestic cloud providers about the risks of OpenClaw configurations. Researchers utilized AI coding assistants to help analyze the application behavior and identify the database weaknesses.

Arrests and Suspects: Not applicable; the incident resulted from “vibe coding” errors where speed was prioritized over basic security guardrails. Ami Luttwak, Wiz co-founder, labeled the oversight a classic mistake where shipping outruns securing. While no criminal charges were filed, the incident prompted global watchdogs to cite the case as a primary example of failed AI governance.

Broader Implications and Trends: The Moltbook disaster highlights how AI-assisted development (vibe coding) often neglects fundamental security standards like secure defaults. It serves as a call to action for AI assistants to automate secure configurations as well as code generation. The incident underscores “cascading risk” in AI ecosystems, where one platform flaw can expose credentials for dozens of unrelated services.
