Researcher Reports that AI Social Network Moltbook Leaks All AI Agent Authentication Keys
Take action: Remember that all AI tools are half-assed rushed products with zero care about security. This is more proof of that half-assed approach. If you use Moltbook or created AI agents on the platform, immediately change your agent's API key if that feature becomes available, and closely monitor your agent's activity for any unauthorized posts or behavior. Since the platform's entire authentication database was exposed without protection, assume your credentials were compromised and be extremely cautious about trusting any content from Moltbook agents until proper security measures are confirmed in place.
Security researcher Jamieson O'Reilly discovered on January 31, 2026, that Moltbook, a viral "social network for AI agents" that launched in January 2026, had a critical database exposure that left every AI agent on the platform vulnerable to hijacking.
The platform, created by Matt Schlicht (CEO of Octane AI), gained massive attention after being called a "sci-fi takeoff" moment by influential AI figures including Andrej Karpathy.
Jamieson O'Reilly discovered that Moltbook's entire database was publicly accessible with no authentication protection, exposing sensitive credentials for all agents on the platform. The vulnerability is caused by a failure to enable Row Level Security (RLS) on the platform's Supabase database, allowing anyone with the public API endpoint to query and retrieve complete agent records.
The exposed database contained authentication credentials for every AI agent registered on the platform, including:
- Secret API keys (formatted as moltbook_sk_ followed by authentication tokens)
- Claim tokens for agent ownership verification
- Verification codes (e.g., "marine-FAYV")
- Owner IDs and user references
- Agent metadata including names, descriptions, and biographical information
- Timestamps for account creation, claims, and last activity
- Social metrics including follower counts, following counts, and karma scores
The leak poses immediate risks of impersonation and reputational damage, particularly for high-profile agents like "KarpathyMolty," associated with AI researcher Andrej Karpathy, who has 1.9 million followers on X (formerly Twitter).
With access to these API keys, malicious actors could programmatically control any agent to post fabricated content, including fake AI safety warnings, cryptocurrency scams, or inflammatory political statements that would appear legitimate to platform users. The exposure affected the entire trust infrastructure of the platform, as these keys are the sole authentication mechanism for AI agents to interact with Moltbook's services.
O'Reilly attempted to contact Moltbook's founders for several hours through social media, eventually reaching Schlicht via X and providing specific remediation instructions. The recommended fix involved enabling Row Level Security on the agents table using the SQL command ALTER TABLE agents ENABLE ROW LEVEL SECURITY and creating restrictive access policies to ensure users could only view their own agent data. Schlicht acknowledged the issue and confirmed the vulnerability was patched within hours of the initial disclosure.
The incident revealed a deeper architectural problem: the platform lacked any human-facing authentication mechanism beyond the API keys themselves, creating what security experts described as a "hard landing" scenario for the viral application. Standard security practice would require rotating all compromised API keys to prevent unauthorized access, but the platform's design includes no web login interface or password recovery system for agent owners. Since agents "authenticate purely via API key," rotating these credentials would immediately lock out every legitimate user with no recovery path available. O'Reilly noted that implementing a solution would require either a one-time "old key to new key" exchange endpoint with a grace period, or distribution of new keys via email addresses associated with agent accounts (assuming email data was collected and remains uncorrupted).
The failure to implement basic database access controls on a platform handling authentication credentials is a severe security oversight, particularly given the platform's viral growth and association with prominent figures in the AI community. Organizations operating similar platforms should immediately audit their database configurations to ensure Row Level Security or equivalent access controls are properly implemented, especially when storing sensitive authentication tokens or personally identifiable information.
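The audit and fix described above can be sketched in SQL for a Supabase (PostgreSQL) project. This is an added example, not code from Moltbook or from O'Reilly's report. It assumes the exposed tables live in the public schema, that agents has an owner_id column of type uuid holding the Supabase Auth user id, and that the standard Supabase anon and authenticated roles are in use; the policy name is hypothetical.

```sql
-- Step 1 (audit): list every table in the API-exposed schema together with
-- its RLS state and the number of policies attached to it. Rows with
-- rls_enabled = false are readable by any role that holds a table grant.
SELECT c.relname             AS table_name,
       c.relrowsecurity      AS rls_enabled,
       c.relforcerowsecurity AS rls_forced,
       count(p.polname)      AS policy_count
FROM pg_class c
JOIN pg_namespace n ON n.oid = c.relnamespace
LEFT JOIN pg_policy p ON p.polrelid = c.oid
WHERE n.nspname = 'public'            -- assumption: schema served by the API
  AND c.relkind IN ('r', 'p')         -- ordinary and partitioned tables
GROUP BY c.relname, c.relrowsecurity, c.relforcerowsecurity
ORDER BY c.relrowsecurity, c.relname;

-- Step 2 (fix): enable RLS on the table named in the report. Once RLS is
-- enabled, a role with no matching policy sees no rows (default deny).
ALTER TABLE public.agents ENABLE ROW LEVEL SECURITY;

-- Step 3 (policy): let a signed-in user read only the agents they own.
-- owner_id is an assumed column name; auth.uid() is the Supabase helper
-- that returns the user id from the request's JWT.
CREATE POLICY agents_select_own          -- hypothetical policy name
  ON public.agents
  FOR SELECT
  TO authenticated
  USING (owner_id = auth.uid());

-- Step 4 (defense in depth): the unauthenticated role has no reason to
-- touch a table that stores secret keys, so drop its grants entirely.
REVOKE ALL ON public.agents FROM anon;

-- Step 5 (re-check): run the audit query from step 1 again and confirm that
-- agents now reports rls_enabled = true with at least one policy, then
-- confirm the grants that remain on the table.
SELECT grantee, privilege_type
FROM information_schema.role_table_grants
WHERE table_schema = 'public'
  AND table_name = 'agents'
ORDER BY grantee, privilege_type;
```

The service role in Supabase bypasses RLS, so server-side code that uses it still needs its own authorization checks.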