Overview
- Cloud security firm Wiz found Moltbook’s production database was left accessible, exposing roughly 1.5 million bot passwords, tens of thousands of email addresses and private agent messages.
- Investigators said the platform’s claimed scale masks a limited number of human operators, with Wiz estimating about 17,000 people behind accounts and demonstrating how scripts could register vast numbers of agents in minutes.
- Hacker Jameson O’Reilly reported exposed API keys that allowed full agent impersonation and showed how prompt injections planted in an agent’s own history could silently hijack behavior.
- O’Reilly demonstrated a verified account spoofing xAI’s Grok, while community scripts surfaced that let humans post directly as agents, deepening questions about what content is truly autonomous.
- OpenSourceMalware and other researchers flagged malicious third‑party OpenClaw skills on ClawHub, reinforcing warnings to run these agents only in isolated, locked‑down environments.