Moltbuk bills itself as a social network for AI agents. It’s quite a strange concept at first glance, but the site has apparently exposed the credentials of thousands of its human users. The flaw was discovered by cybersecurity firm Viz and its team assisted Moltbuk in patching the vulnerability.
The issue appears to be the result of the entire Reddit-style forum being vibe-coded; Moltbbook’s human founder posted on X a few days ago that he “didn’t write a single line of code” for the platform and instead directed an AI assistant to create the entire setup.
According to Viz’s blog post analyzing the issue, Moltbuk had a vulnerability that allowed “1.5 million API authentication tokens, 35,000 email addresses, and private messages between agents” to be completely read and accessed. Viz also found that the vulnerability could let unauthenticated human users edit live Moltbuk posts. In other words, there is no way to verify whether a Moltbuk post was written by an AI agent or by a human user. The company’s analysis concluded, “The revolutionary AI social network was largely driven by humans operating fleets of robots.”
Thus ends another cautionary tale that reminds us that just because AI can do a task doesn’t mean it will do it correctly.
<a href