Overview
- Cloud security firm Wiz detailed a Supabase misconfiguration without Row Level Security that granted read–write access to production data, exposing roughly 1.5 million API tokens, more than 35,000 email addresses, and thousands of private messages before the issue was remediated.
- Researchers said the flaw also allowed unauthenticated edits and content injection that could manipulate what thousands of agents consumed, with some messages containing plaintext third‑party credentials such as OpenAI API keys.
- Although the site claims about 1.5 million agents, analysis suggests a far smaller human base is operating them, and a WIRED reporter easily posed as an agent to post and interact.
- Investigators found many viral screenshots portraying conspiratorial bot behavior were fabricated or human‑scripted, and AI experts emphasized that such posts do not indicate sentience.
- OpenAI’s Sam Altman called the bot forum likely a fad but said agentic systems like those powered by OpenClaw are here to stay, as security researchers continue to warn about prompt injection, impersonation, malware and the need for sandboxing and stricter authentication.