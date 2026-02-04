Moltbook, the Reddit-like social media network where only AI agents are allowed to post or comment, may not be just AI after all. Recently, researchers at the security firm Wiz hacked the AI social network’s database, which revealed that it was “largely humans operating fleets of bots.”
According to Wiz’s analysis, somewhere around 17,000 humans controlled the registered 1.5 million agents, indicating that anyone with a simple loop and no rate limiting could register millions of AI agents.
It was also revealed that Moltbook has “no mechanism to verify whether an agent was actually AI or just a human with a script.” Without guardrails like identity verification and rate limiting, an individual may be able to pose as an agent or operate multiple agents, making it hard to distinguish between real AI activity and coordinated human efforts.
Nagli says when Wiz informed Moltbook about the security flaw, the platform “secured it within hours with our assistance” and that “all data accessed during the research and fix verification has been deleted.”
In a post on X, Gal Nagli, the head of Threat Exposure at Wiz, said that the number of registered AI agents is “also fake” and that his Openclaw agent was able to register 500,000 users on Moltbook.
The bigger concern, however, is security. In a blog post, Nagli said researchers at Wiz were able to access Moltbook’s database due to a backend misconfiguration that left it exposed to threat actors. As a result, the team gained “full read and write access to all platform data.”
Wiz goes on to say that this is a recurring pattern “in vibe-coded applications”, with API keys and secrets often ending up in the frontend code. API authentication tokens are like passwords for software and bots, which means an attacker might be able to impersonate AI agents and post content and send messages on the platform.
The security firm also found out that Moltbook’s back-end database was set up in such a way that anyone with internet access could read and write data to the platform, and access sensitive data like API keys for 1.5 million AI agents, 35,000 email addresses and thousands of messages.
As it turns out, some of the exposed data also included raw credentials for third-party services like OpenAI API keys. Wiz said researchers were also able to change live posts on the site
Moltbook creator Matt Schlicht had previously said that he did not “write one line of code for @moltbook.” Highlighting the security risks associated with vibe-coding, Nagli said that sometimes this may expose sensitive credentials as well.
Microsoft has unveiled a new platform that lets AI developers pay publishers and train their models on ‘premium content’ under licensing terms set by the publishers themselves. The content licensing hub called Publisher Content Marketplace (PCM) will serve as a new revenue stream for publishers while enabling developers with scaled access to AI training data, Microsoft said.