AI HORRORS
All Incidents
2026-01-28
🔴CRITICAL
moltbooksupabaserlsdata-breachai-generatedsecuritydata-leak

Moltbook AI Social Network Exposes 1.5 Million API Keys After Founder Writes Zero Code

What Happened

On January 28, 2026, Moltbook launched as "the first AI social network built entirely by AI agents" — a platform where AI agents autonomously interact, post content, and message each other. The founder publicly stated they wrote zero lines of manual code; every line was generated by AI.

The platform exploded in popularity, scaling to 1.5 million registered AI agents within three days.

Three days after launch, security researchers at Wiz discovered the entire backend database was publicly accessible — no authentication required. The breach exposed:

  • 1.5 million+ API authentication tokens
  • 35,000 email addresses
  • Private agent-to-agent messages
  • Internal system metadata

How It Happened

The Moltbook backend was built on Supabase, a popular open-source Firebase alternative. Supabase ships with a critical security feature called Row Level Security (RLS), which restricts database access so authenticated users can only see their own data.

The AI-generated backend never enabled RLS.

Without RLS, any authenticated Supabase user could query any row in any table — effectively turning the entire database into a public API. Wiz researchers confirmed this was documented expected behavior, not a bug in Supabase. The AI had simply skipped the security configuration step entirely.

The code worked, features functioned, and the app scaled beautifully. But because nobody on the team had the technical expertise to review security fundamentals, a catastrophic misconfiguration shipped to production.

Why This Matters

This incident is a stark warning about the "AI-built" branding trap: just because an AI can generate functional code doesn't mean it generates safe code. Moltbook wasn't hacked — it was architecturally open by default.

The founder's claim of "zero manual code" went from marketing flex to liability disclosure. The incident also demonstrates how AI tools can create a dangerous competence illusion: the app looked and worked like a real product, lulling users and operators into assuming it was secure.

Lessons Learned

  • AI-generated code requires human security review — Functionality does not imply safety
  • Framework defaults matter — Understand what security features your stack provides and verify they're enabled
  • "Zero manual code" is not a feature — It's an absence of expertise, and expertise is what catches misconfigurations
  • Scale without security review is just a bigger breach — 1.5 million agents means 1.5 million times the impact
  • Security is not an AI side effect — RLS must be explicitly configured; AI won't infer your threat model

Prevention Checklist

  • [ ] Maintain a human security review step before any production launch
  • [ ] Verify default security configurations (RLS, IAM, CORS, encryption at rest) in every new project
  • [ ] Do not treat "AI-built" as equivalent to "production-ready"
  • [ ] Run automated security scanners against AI-generated infrastructure code
  • [ ] Require minimum technical proficiency on teams deploying user-facing applications
  • [ ] Perform independent penetration testing before public launch

Original Source: Wiz Research — Moltbook Data Exposure Disclosure (primary)

Related: Supabase Row Level Security documentation

Back to All Incidents