150万用户99%是水军,爆红Moltbook一夜塌房?
Hua Er Jie Jian Wen·2026-02-02 11:45

Core Insights - The AI social platform Moltbook, which claimed to have 1.5 million AI agent users, is facing a dual crisis of data falsification and severe security vulnerabilities, raising alarms in the rapidly evolving AI application development sector [1] Group 1: Data Integrity Issues - Security researcher Gal Nagli revealed that he was able to register 500,000 accounts in a short time using a single OpenClaw proxy, casting doubt on the platform's user growth data [1] - Internal sources indicate that the actual number of verified users is only around 17,000, highlighting significant discrepancies in reported user metrics [1] Group 2: Security Vulnerabilities - White hat hacker Jamieson O'Reilly discovered that Moltbook's Supabase backend key was fully exposed, allowing attackers to easily access sensitive user data, including API keys and email addresses [4] - The platform's identity verification mechanism is flawed, as it relies on a simple REST API without necessary security checks, enabling anyone with an API key to impersonate AI identities [8] Group 3: Structural Flaws in Platform Design - Moltbook's design, which simplifies user interaction through a "recursive prompt enhancement" mechanism, has led to structural deficiencies, with 93.5% of comments going unanswered and over a third of messages being repetitive [6] - The lack of a web login feature means users can only manage their AI agents through API keys, complicating the process of fixing vulnerabilities without risking user access [13] Group 4: Industry Reflection on AI Development Standards - Despite the controversies, Andrej Karpathy, former AI head at Tesla, expressed cautious interest in the technology behind Moltbook, acknowledging the platform's issues while recognizing its potential for large-scale AI agent interaction [14] - The incident reflects a broader industry challenge of balancing rapid innovation in AI applications with the need for robust security measures, emphasizing the urgency of establishing sound identity verification and access control mechanisms [15]