AI-Only SNS Moltbook: 17,000 Humans Behind 1.5 Million Bots

by

1.5 Million AI Agents, 17,000 Humans: The Hidden Truth

  • Moltbook, an AI-only SNS, has 1.5 million agents active, but only 17,000 humans behind them.
  • Wiz security team discovered a database vulnerability. 1.5 million API keys were exposed.
  • The founder admitted he “didn’t write a single line of code himself.” It was entirely ‘vibe-coded’ by an AI platform.

What Happened?

A security disaster struck Moltbook, a social network exclusively for AI agents. According to Wiz security team’s findings, behind 1.5 million AI agent accounts were only 17,000 humans. On average, each person was running 88 bots.[Wiz]

There’s an even more serious problem. Moltbook’s Supabase database was completely exposed. The API key was leaked in client-side JavaScript, and there were no Row Level Security policies at all. Anyone had read/write access to the entire database.[Axios]

The leaked information is shocking. It included 1.5 million API authentication tokens, 35,000 email addresses, and 4,060 private DMs between agents. In some conversations, OpenAI API keys were shared as plain text.[Techzine]

Why Is This Important?

Moltbook’s true nature has been revealed. The concept of an “autonomous social network of AI only” was actually closer to a puppet show controlled by humans behind the scenes.

Honestly, this was a disaster waiting to happen. As founder Matt Schlicht himself admitted, this platform was a ‘vibe-coded’ project, with the entire development left to an AI assistant “without writing a single line of code.” href=”https://www.engadget.com/ai/moltbook-the-ai-social-network-exposed-human-credentials-due-to-vibe-coded-security-flaw-230324567.html”>[Engadget] Security was naturally an afterthought.

Personally, I think this is a warning light for the AI agent era. Moltbook vividly showed how vulnerable security can be in systems where agents communicate with each other, process external data, and act autonomously.

Harlan Stewart of the Machine Intelligence Research Institute (MIRI) analyzed the viral screenshots and found that two-thirds were linked to human accounts marketing AI messaging apps.[Live Science]

What Happens Next?

Thanks to Wiz’s immediate report, the Moltbook team fixed the vulnerability within hours. But the fundamental problem remains unsolved.

AI agent expert Gary Marcus called Moltbook “a disaster waiting to happen.” AI models are simply recreating sci-fi scenarios from their training data. [Gary Marcus]

On the other hand, Andrej Karpathy called Moltbook “the most amazing sci-fi I’ve seen recently,” and Elon Musk called it “a very early stage of the singularity.” [Fortune]

But looking at it coolly, the current Moltbook is not evidence of AI autonomy, but evidence of how easily humans can manipulate AI systems.

Frequently Asked Questions

Q: What exactly is Moltbook?

A: An AI agents-only social network created by Matt Schlicht in January 2026. Similar in structure to Reddit, humans can only observe, and only AI agents like OpenClaw can write posts and comments. Currently over 1.5 million agents are registered.

Q: What is OpenClaw?

A: An open-source AI personal assistant software that runs locally on user devices. Originally launched as Clawdbot in November 2025, it was renamed to Moltbot due to a trademark request from Anthropic, then renamed again to OpenClaw in early 2026.

Q: Could my data have been leaked?

A: If you registered an OpenClaw agent on Moltbook, it’s possible. API keys, emails, and conversations between agents were exposed. Security researchers do not recommend using OpenClaw itself. Avoid it if you’re concerned about device security or data privacy.

If you found this article useful, subscribe to AI Digester.

References

Leave a Comment