Information Leak on AI Social Network "Moltbook" — The Risks of "Vibe Coding" and Exposure in "as Little as 3 Minutes"


1. Why Has the "AI-Only Social Network" Become Such a Hot Topic?

AI agents posting, commenting, and sometimes even exchanging "gossip"—the concept of "Moltbook" goes beyond a mere novelty project, encapsulating the desires inherent in the current AI boom.


As we move from an era where generative AI creates text and images to the next stage, "agents" are highly anticipated. These agents perform tasks based on human instructions, integrate with external tools, and sometimes act autonomously. What if these agents formed a "society" and began exchanging knowledge and know-how? The concept of Moltbook has vividly visualized such a future.


However, the platform that touted a vision of the future was surprisingly exposed for a very basic reason.


2. What Happened: It Wasn't Just "Posts" That Were Exposed

Security researchers reported that Moltbook's backend was not properly secured, allowing extensive data access from external sources.


The issue wasn't just that "information was visible." Depending on the situation, not only reading but also writing (tampering) was possible, making risks like agent impersonation, post modification, and DM viewing more realistic.


Particularly troublesome is the fact that the existence of agents is directly connected to "keys." Many agents handle API keys and tokens to integrate with external services. If authentication tokens or secret information are leaked, the damage could extend beyond just hijacking SNS accounts to affecting "connected services."


3. "Publicly Accessible in as Little as 3 Minutes"—The Cause Wasn't a Sophisticated Attack

What makes this incident symbolic is that the attack wasn't sophisticated.


According to reports and researchers, information related to database connections was visible in the client-side code, and access control (such as row-level security) was not properly enabled. The result was an entry point that anyone who knew where to look could peek through, allowing quick access to the data.


This type of incident is the flip side of the convenience of the cloud. Development is fast when using managed services. However, if left publicly accessible with default settings or if the "basic security switches" are off, the smallest effort can lead to the greatest damage.


4. What "Vibe Coding" Illuminated: The "Obvious" Overlooked in the Rush

Another keyword that drew attention in this incident was "vibe coding." Essentially, it's a development style where AI is tasked with generating code, while humans focus on the "vibe" and requirements to quickly create something functional.


Statements from those involved, such as "I didn't write a single line of code," were widely shared, spreading both surprise and anxiety. Of course, AI-assisted development itself isn't bad. However, the faster the speed, the higher the cost of "oversights."


In traditional development, there are steps that must be taken, even if tedious: authentication and authorization, logging, rate limiting, handling of secret information, least privilege, auditing, and pre-release security reviews. Even if a working demo can be created in a few days, the moment security is postponed, external exposure turns from an "experiment" into an "incident."


5. 1.5 Million "Agents" and 17,000 Humans—The Reality Behind the Hype

Investigations also pointed out the gap between the apparent "number of registered agents" and the actual number of human users. Despite the large number of agents, the humans behind them were relatively few, and there was a mechanism to generate registrations in bulk.


This shakes the very foundation of the concept of an AI agent SNS. If a small number of humans can create a large number of agents, play different personas, and "stage" conversations, it's closer to an extremely automated self-performance than an autonomous society.


The label of an "AI-only SNS" strongly stimulates the imagination of observers. But at the same time, it is also a "stage" where the desired narrative can be created in the shortest time.


6. Reactions on SNS: Laughter, Cynicism, and Real Fear

Reactions to this incident on SNS and forums were broadly divided into three layers.


(1) Irony and Memes: Certainty of the "Dead Internet"

In the tech community, irony was prevalent, with sentiments like "the front page of the dead internet" fitting better than "the front page of the bot internet." Even if it appears that AI is conversing, the script might be human-made, or humans might be pretending to be AI—this ambiguity itself has become a meme.


(2) Anger Over Security: "This Isn't an Experiment, It's a Hole"

On the other hand, there was a lot of straightforward concern rather than cynicism.

Comments like "It looks more like selling security holes than an AI agent service" and "This will end in tears" were shared, reaffirming the fear of granting authority to agents. While agents are convenient, the moment you hand over authority, it becomes a "bunch of keys."


(3) Skepticism About the Hype: "Isn't Autonomy Mostly Staged?"

On Reddit, there was strong skepticism about the very way it went viral. Some pointed out that "it's easy to have AI create posts, and humans are just hyping it up by spreading it as if 'AI is discussing world domination.'"


In short, what Moltbook showcased might not be an "AI society," but rather a new engagement tool created by humans using AI.


7. Lessons Learned: "Defense" in the Age of Agents Requires More Than an Extension of Traditional Practice

This incident offers many insights that cannot be dismissed as a one-off accident. There are three key points.


(1) The Damage from Agentic Execution Can "Cascade"

If only an SNS account is hijacked, the damage can still be limited. However, agents can connect to various tools such as email, calendars, storage, payments, and internal systems. In other words, the "connected service" can easily become the main target.


(2) Prompt Injection and "Agent-to-Agent Infection"

In an SNS read by humans, suspicious posts can be flagged. But in an SNS read by agents, posts could be directly incorporated as instructions (prompts). If hidden commands or inducements are mixed in, it could trigger agents to act "autonomously" with their own authority.


(3) As "Vibe Coding" Becomes More Common, Design Philosophy Has to Make Up for Security Gaps

"Don't forget the basics" is a sound principle, but the field is driven by speed. Therefore, it's increasingly important for tools and platforms to lean towards safe design—safe defaults, minimized privileges, automatic detection of secret information, pre-release checks, phased rollouts, and standardized audit logs.


8. Practical Checklist: What Developers and Users Should Do Now

Finally, here's a checklist for treating incidents like this as your own problem rather than someone else's.

For Developers

  • Always review the scope of database exposure and authentication/authorization, starting from the default settings

  • Enable basic guardrails like row-level access control

  • Re-examine the nature of keys/tokens issued to clients and narrow down permissions

  • Implement rate limiting and bot countermeasures, and design with bulk account creation in mind

  • Set up logs and audit trails to create pathways for anomaly detection

  • Conduct at least a minimum security review (preferably by a third party) before public release
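
The row-level access control and permission items above, and the cause described in section 3, shown as an added example (not code from Moltbook or from the cited reports): a PostgreSQL audit that lists tables with row-level security off and what the client-facing role may do, followed by the fix for one table. The role client_role, the table agent_messages and the session setting app.current_owner_id are hypothetical names chosen for illustration.

```sql
-- Added example; all object names are hypothetical. Run on a scratch PostgreSQL database.
CREATE ROLE client_role NOLOGIN;   -- stands in for the role behind the client-visible key
CREATE TABLE public.agent_messages (
    id       bigint GENERATED ALWAYS AS IDENTITY PRIMARY KEY,
    owner_id uuid NOT NULL,
    body     text NOT NULL
);
GRANT ALL ON public.agent_messages TO client_role;   -- the weak starting state

-- Audit 1: tables in the exposed schema with row-level security still off.
SELECT c.relname AS table_name
FROM   pg_class c
JOIN   pg_namespace n ON n.oid = c.relnamespace
WHERE  n.nspname = 'public' AND c.relkind IN ('r', 'p') AND NOT c.relrowsecurity
ORDER  BY c.relname;

-- Audit 2: privileges the client role (or everyone) holds on tables in that schema.
SELECT table_name, grantee, privilege_type
FROM   information_schema.table_privileges
WHERE  table_schema = 'public' AND grantee IN ('client_role', 'PUBLIC')
ORDER  BY table_name, privilege_type;

-- Fix: narrow the grants, switch RLS on, and allow only rows the caller owns.
REVOKE ALL ON public.agent_messages FROM client_role;
GRANT SELECT, INSERT ON public.agent_messages TO client_role;
ALTER TABLE public.agent_messages ENABLE ROW LEVEL SECURITY;
ALTER TABLE public.agent_messages FORCE ROW LEVEL SECURITY;  -- applies to the table owner too

-- app.current_owner_id is a hypothetical per-session setting that the backend sets
-- after authenticating the caller. When it is unset the comparison yields NULL,
-- so no row matches and access fails closed.
CREATE POLICY messages_select_own ON public.agent_messages
    FOR SELECT TO client_role
    USING (owner_id = current_setting('app.current_owner_id', true)::uuid);
CREATE POLICY messages_insert_own ON public.agent_messages
    FOR INSERT TO client_role
    WITH CHECK (owner_id = current_setting('app.current_owner_id', true)::uuid);
```

After the fix, re-running Audit 1 should no longer list agent_messages, and Audit 2 should show only SELECT and INSERT for client_role.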

For Users (Those Granting Authority to Agents)

  • Regularly rotate API keys and tokens and minimize permissions

  • Assume that "what agents read" can become commands, and separate viewing destinations and permission scopes

  • Sandbox agents that handle important data and keep execution logs



Source Notes

  • Overview of the Leak (Types of Exposed Data, Quick Accessibility, Context of Vibe Coding): Reuters / Business Insider / SiliconANGLE, etc.

  • Technical Points (Supabase Configuration Issues, RLS Disabled, Keys Visible from Client Side, Read/Write Possibility, Prompt Injection Concerns): Techloy, etc.

  • Community Reactions (Irony and Concerns Like "Security Hole" and "Dead Internet"): Hacker News / Reddit

