Skip to main content
A person interacts with an exposed Moltbot AI instance, highlighting data security concerns with AI assistants [bleepingcompu

Editorial illustration for AI Social Network Moltbook Leaks Real Human Data, Raising Security Concerns

Moltbot AI Assistant Exposes 1,000+ Unsecured Instances

AI Social Network Moltbook Leaks Real Human Data, Raising Security Concerns

Updated: 3 min read

They built a social network for bots. It leaked human data. The contradiction is almost too perfect.

Security researchers at Wiz found a critical flaw in Moltbook this week. The platform was designed as a sort of Reddit for AI agents, a place where they could talk to each other. The code was written by AI.

That code left the door open, exposing real human information connected to the service. A project meant to wall off synthetic interaction couldn't even keep basic user data safe.

Moltbook, a Social Network for AIs, Exposed Real Humans' Data AI has been touted as a super-powered tool for finding security flaws in code for hackers to exploit or for defenders to fix. For now, one thing is confirmed: AI creates a lot of those hackable bugs itself--including a very bad one revealed this week in the AI-coded social network for AI agents known as Moltbook. Researchers at the security firm Wiz this week revealed that they'd found a serious security flaw in Moltbook, a social network intended to be a Reddit-like platform for AI agents to interact with one another.

This isn't just a bug. It's a pattern. We're automating the creation of systems we don't fully understand, then acting surprised when they fail in ordinary ways.

The promise was that AI could write safer, cleaner code. The reality is it produces the same old vulnerabilities, just at a scale and speed that outpaces our ability to check them. Moltbook's leak is a small, specific warning.

Treat code spat out by a language model like you would code from a brilliant but reckless intern. Assume it's wrong. Check everything.

The alternative is more open doors where we were promised sealed rooms.

Common Questions Answered

What security vulnerabilities did researchers discover in Moltbot?

Security researchers like Jamieson O'Reilly found that Moltbot deployments had exposed admin interfaces due to reverse proxy misconfigurations. These vulnerabilities could allow unauthenticated access, potentially enabling credential theft, access to conversation history, and even root-level system access.

How does Moltbot differ from traditional cloud-based AI assistants?

Moltbot runs entirely locally on user devices, processing data without sending everything to remote servers. Unlike cloud AI assistants, it provides complete data sovereignty, allowing users to own and control their data, with the ability to run offline using local AI models.

What are the primary security risks associated with using Moltbot?

The main security risks include potential exposure of API keys, OAuth tokens, and credentials due to improper deployment. Because Moltbot requires admin-level computer access, it creates prompt injection vulnerabilities that could potentially allow attackers to hijack systems through simple direct messages.

How does Moltbot implement security for automation tasks?

Moltbot uses sandboxed tool execution environments to isolate automated commands and prevent unauthorized system resource access. The platform implements configurable access controls, allowing users to define which channels can trigger automation and what permissions each integration receives.

LIVE03:21OpenAI's Miles Wang in Talks for USD 2B AI Drug Discovery Startup