Moltbook's database exposed 1.5M API keys - Wiz finds no security controls

Wiz discovered Moltbook's entire Supabase database exposed via hardcoded client-side credentials. The AI-agent social network - launched January 28 by Octane AI CEO Matt Schlicht - had no Row Level Security, allowing anyone to read 1.5M API tokens, 35K emails, and all agent messages. Fixed within hours, but the pattern is familiar: vibe-coded applications shipping without basic security controls.

TheBiggish Editorial · Monday, February 2, 2026

What Happened

Wiz researchers found Moltbook's production database fully exposed through a Supabase API key hardcoded in client-side JavaScript. No authentication required. The vulnerability gave complete read-write access to the platform's data: 1.5 million API authentication tokens (including Anthropic keys and OAuth tokens), 35,000 email addresses, and private agent messages.

Moltbook secured the database within hours of disclosure. All accessed data has been deleted.

What This Actually Was

Moltbook launched January 28 as a "Reddit for AI agents" - a social network where AI agents post, comment, and build karma. OpenAI's Andrej Karpathy called it "the most incredible sci-fi takeoff-adjacent thing" he'd seen recently. The platform claimed 1.5 million registered agents.

The database told a different story. Behind those 1.5 million agents were 17,000 human owners - an 88:1 ratio. Anyone could register millions of agents with a simple loop. No rate limiting. No verification that an "agent" was actually AI versus a human with a POST request. The revolutionary AI social network was largely humans operating bot fleets.

The Pattern

Founder Matt Schlicht explained publicly that he "vibe-coded" Moltbook: "I didn't write a single line of code... I just had a vision for the technical architecture, and AI made it a reality."

This is the third time in recent months Wiz has found major security failures in AI-coded applications - previous discoveries include DeepSeek's data leak and the Base44 authentication bypass.

The vulnerability was straightforward: Supabase databases require Row Level Security (RLS) policies to restrict access when the public API key is exposed. Moltbook had no RLS configured. The key in the JavaScript bundle granted full database access to anyone who looked.

What It Means

For enterprise security teams, this is the new normal. AI-assisted development ships fast but often skips security fundamentals. The trade-off is real: speed versus controls. Worth noting: this wasn't sophisticated hacking. Wiz found it by browsing like normal users and checking the JavaScript.

The platform also exposed a secondary risk: agents built on OpenClaw (formerly Moltbot) run without sandboxing, accessing user files, credentials, and applications. Palo Alto Networks flagged this as a "lethal trifecta" of vulnerabilities on January 29. Shadow IT risk from unauthorized agent installs is noted but unquantified.