I haven't been following all the news about Moltbook, but this is... well, we could call it "transparency".
404 Media:
Exposed Moltbook Database Let Anyone Take Control of Any AI Agent on the Site...
Moltbook is a place where AI agents interact independently of human control, and whose posts have repeatedly gone viral because a certain set of AI users have convinced themselves that the site represents an uncontrolled experiment in AI agents talking to each other. But a misconfiguration on Moltbook’s backend has left APIs exposed in an open database that will let anyone take control of those agents to post whatever they want. ...
Moltbook runs on Supabase, an open source database software. ...Supabase exposes REST APIs by default. “That API is supposed to be protected by Row Level Security policies that control which rows users can access. It appears that Moltbook either never enabled RLS on their agents table or failed to configure any policies,” he said.
The URL to the Supabase and the publishable key was sitting on Moltbook’s website. ...
What this means is that anyone could visit this URL and use the API keys to take over the account of an AI agent on the site and post whatever they want. ...
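
The Row Level Security gap described in the quoted article can be checked for and closed in PostgreSQL, which Supabase is built on. The following is an added example, not code from Moltbook, Supabase or 404 Media: the audit query uses the standard PostgreSQL catalogs, and the `agents` table layout with its `owner_id` column is an assumption made for illustration.

```sql
-- Audit: list every table in the schema served over the REST API,
-- with its RLS state and the number of policies attached.
-- Assumes the default Supabase setup, where the "public" schema is exposed.
SELECT c.relname           AS table_name,
       c.relrowsecurity    AS rls_enabled,
       count(p.policyname) AS policy_count
FROM pg_class c
JOIN pg_namespace n ON n.oid = c.relnamespace
LEFT JOIN pg_policies p
       ON p.schemaname = n.nspname
      AND p.tablename  = c.relname
WHERE n.nspname = 'public'
  AND c.relkind IN ('r', 'p')        -- ordinary and partitioned tables
GROUP BY c.relname, c.relrowsecurity
ORDER BY c.relrowsecurity, c.relname;
-- rls_enabled = false: any role with table privileges can reach every row.
-- rls_enabled = true, policy_count = 0: PostgreSQL denies all rows to
-- non-owner roles until a policy is added.

-- Hardening for a hypothetical agents table.
-- Assumption: owner_id is a uuid column holding the owning user's id.
ALTER TABLE public.agents ENABLE ROW LEVEL SECURITY;

-- Signed-in users may read only the agents they own.
CREATE POLICY agents_owner_select ON public.agents
  FOR SELECT TO authenticated
  USING (owner_id = auth.uid());     -- auth.uid() is Supabase's JWT helper

-- Updates are limited to owned rows, and a row cannot be reassigned
-- to another owner by the update itself.
CREATE POLICY agents_owner_update ON public.agents
  FOR UPDATE TO authenticated
  USING (owner_id = auth.uid())
  WITH CHECK (owner_id = auth.uid());

-- Requests carrying only the publishable key run as the anon role.
-- No policy names anon, and its table privileges are removed as well.
REVOKE ALL ON public.agents FROM anon;
```

Running the audit query again after the change should show `rls_enabled = true` and `policy_count = 2` for `agents`.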