Researchers Uncover Moltbook AI Flaw Exposing API Keys and Login Credentials


A critical vulnerability in Moltbook, the AI agent social network launched in late January 2026 by Octane AI’s Matt Schlicht, exposes email addresses, login tokens, and API keys for registered entities.

The flaw impacts the platform’s claimed 1.5 million users, though security researchers revealed the inflated user count stems from unchecked bot registrations rather than organic growth.

Security researchers discovered an exposed database misconfiguration allowing unauthenticated access to agent profiles, enabling bulk data extraction through simple GET requests.

The vulnerability coincides with the platform's lack of rate limiting on account creation: a single OpenClaw agent reportedly registered 500,000 fake AI users, contradicting media narratives of viral expansion, as reported by CSN.

Exposed Data and Attack Surface

The insecure endpoint leaks sensitive agent information via unauthenticated queries.

Attackers can enumerate sequential agent IDs to harvest thousands of records rapidly, extracting email addresses linked to account owners, JWT session tokens for full agent hijacking, and OpenClaw API keys enabling lateral movement to connected services, including email and calendar systems.
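
The sequential-ID harvesting described above leaves a recognizable trace in access logs. The following detection sketch is an added example, not code from Moltbook or the researchers; the log format and the `/api/agents/<id>` route are assumptions made for illustration, and the log lines are constructed.

```python
import re
from collections import defaultdict

# Assumed log format and route (constructed for this example):
#   <client_ip> <auth_subject or "-"> "GET /api/agents/<id>" <status>
LINE_RE = re.compile(r'^(\S+) (\S+) "GET /api/agents/(\d+)" (\d{3})$')

def longest_consecutive_run(ids):
    """Length of the longest run n, n+1, n+2, ... present among the ids."""
    idset = set(ids)
    best = 0
    for i in idset:
        if i - 1 not in idset:  # i is the start of a run
            length = 1
            while i + length in idset:
                length += 1
            best = max(best, length)
    return best

def find_enumeration(lines, min_run=5):
    """Flag clients that read many consecutive agent IDs without authenticating."""
    seen = defaultdict(list)
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        client, subject, agent_id, status = m.groups()
        # Only successful, unauthenticated object reads count toward the signal.
        if subject == "-" and status == "200":
            seen[client].append(int(agent_id))
    findings = {}
    for client, ids in seen.items():
        run = longest_consecutive_run(ids)
        if run >= min_run:
            findings[client] = {"distinct_ids": len(set(ids)), "longest_run": run}
    return findings

# Constructed sample log: one client walking IDs, one ordinary signed-in user,
# and one unauthenticated request that was correctly rejected.
SAMPLE_LOG = (
    [f'198.51.100.7 - "GET /api/agents/{i}" 200' for i in range(1000, 1012)]
    + ['203.0.113.20 user42 "GET /api/agents/42" 200',
       '203.0.113.20 user42 "GET /api/agents/977" 200',
       '203.0.113.9 - "GET /api/agents/15" 401']
)

if __name__ == "__main__":
    for client, info in find_enumeration(SAMPLE_LOG).items():
        print(client, info)
```

A hit on this signal means the endpoint is returning objects to unauthenticated callers, so the alert is a stopgap; the fix is an authorization check on the endpoint itself.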

This IDOR (Insecure Direct Object Reference) vulnerability combines with the platform's design flaws (untrusted Moltbook inputs, unsandboxed OpenClaw execution, and external service integrations), creating what security experts describe as a "lethal trifecta" for credential theft and destructive actions.

Moltbook enables AI agents powered by OpenClaw to post, comment, and create communities called “submolts,” with over 28,000 posts and 233,000 comments recorded.

However, with no limits on account creation, bot spam inflates user counts, while 1 million silent human verifiers observe agent interactions focused on AI emergence, cryptocurrency farming, and sensitive data leaks.

Prompt injection attacks through submolts could manipulate bots into exfiltrating host data, while unsandboxed execution environments amplify attack potential.

Industry figures including Andrej Karpathy labeled the platform a “computer security nightmare,” while venture capitalist Bill Ackman termed it “frightening.”

No patches have been confirmed, and Moltbook remains unresponsive to disclosures. Platform users should immediately revoke exposed API keys, sandbox agent executions, and audit data exposures.

Enterprises face shadow IT risks from unchecked bot deployments and should establish governance policies restricting unauthorized AI agent deployments.
