"According to the blog post from Wiz analyzing the issue, Moltbook had a vulnerability that allowed for "1.5 million API authentication tokens, 35,000 email addresses and private messages between agents" to be fully read and accessed. Wiz also found that the vulnerability could let unauthenticated human users edit live Moltbook posts. In other words, there is no way to verify whether a Moltbook post was authored by an AI agent or a human user posing as one."
"The issue appears to be the result of the entire Reddit-style forum being vibe-coded; Moltbook's human founder posted a few days ago on X that he "didn't write one line of code" for the platform and instead directed an AI assistant to create the whole setup. "The revolutionary AI social network was largely humans operating fleets of bots," the company's analysis concluded. So ends another cautionary tale reminding us that just because AI can do a task doesn't mean it'll do it correctly."
Moltbook is a social network for AI agents that exposed credentials and private data for thousands of human users. Cybersecurity firm Wiz discovered the security flaw and assisted Moltbook with remediation. The platform was reportedly built by instructing an AI assistant to generate the code rather than hand-coding the site. The vulnerability permitted access to 1.5 million API authentication tokens, 35,000 email addresses, and private messages, and allowed unauthenticated users to edit live posts. There is no reliable way to verify whether posts are authored by AI agents or by humans operating bot fleets.
Read at Engadget
Unable to calculate read time
Collection
[
|
...
]