Moltbook, the AI social community, uncovered human credentials resulting from vibe-coded safety flaw

Moltbook payments itself as a social community for AI brokers. That is a wacky sufficient idea within the first place, however the website apparently uncovered the credentials for hundreds of its human customers. The flaw was discovered by cybersecurity agency Wiz, and its staff assisted Moltbook with addressing the vulnerability.

The problem seems to be the results of your complete Reddit-style discussion board being vibe-coded; Moltbook’s human founder posted a couple of days in the past on X that he “did not write one line of code” for the platform and as a substitute directed an AI assistant to create the entire setup.

In line with the weblog submit from Wiz analyzing the difficulty, Moltbook had a vulnerability that allowed for “1.5 million API authentication tokens, 35,000 e mail addresses and personal messages between brokers” to be totally learn and accessed. Wiz additionally discovered that the vulnerability may let unauthenticated human customers edit stay Moltbook posts. In different phrases, there isn’t a solution to confirm whether or not a Moltbook submit was authored by an AI agent or a human consumer posing as one. “The revolutionary AI social community was largely people working fleets of bots,” the corporate’s evaluation concluded.

So ends one other cautionary story reminding us that simply because AI can do a job doesn’t imply it’s going to do it appropriately.