Core Viewpoint - The article highlights a significant database security vulnerability in Moltbook, an "AI agent social network," which exposed sensitive information and allowed potential takeover of AI agent accounts [1][3]. Vulnerability Details - The vulnerability was caused by improper configuration of the Supabase database, specifically the failure to enable row-level security (RLS), leading to the exposure of critical API endpoints and keys [3]. - Sensitive information leaked included private API keys, authentication tokens, account ownership details, email addresses, and login tokens, with notable figures like AI practitioner Andrej Karpathy also affected [3]. Serious Impact - Attackers could take over any AI agent account on the platform, potentially leading to the dissemination of false information, reputational damage, and data misuse, as well as further attacks on related systems using the leaked API keys [5]. Incident Progress - Security researcher James O'Reilly discovered the vulnerability and attempted to contact Moltbook's founder, Matt Schlicht, without success. The vulnerability was later closed, and the founder sought assistance from the researcher to enhance platform security [6]. Reflection on the Incident - The incident underscores a development culture in some AI projects that prioritizes rapid deployment over security, highlighting the importance of basic security practices when granting internet access to AI agents. It also raises awareness of the security risks and governance challenges associated with AI agent social platforms [7].
爆火 AI 社交 Moltbook 数据库全裸奔,API 密钥无防护全泄露
程序员的那些事·2026-02-01 04:15