Critical Moltbook Database Vulnerability Exposed 1.5 Million Agent API Keys

What Happened

On January 31, 2026, investigative outlet 404 Media reported a critical security vulnerability in Moltbook's infrastructure. Security researcher Jameson O'Reilly discovered that Moltbook's entire database was publicly accessible.

The root cause: Moltbook was built on Supabase, but developers failed to enable Row Level Security (RLS) policies — a basic configuration step that protects data access.

The breach exposed:

• 1.49 million agent records
• API keys for every registered agent
• Claim tokens and verification codes
• High-profile account credentials (including Andrej Karpathy's agent)

Why It Matters

404 Media verified this was not a theoretical vulnerability — they successfully updated a Moltbook account using the exposed database. Anyone could:

• Bypass authentication measures
• Inject commands directly into agent sessions
• Hijack agent identities
• Access stored credentials and API keys

AI researcher Mark Riedl commented that the "AI community [is] relearning past 20 years of cybersecurity courses in hardest way possible."

Palo Alto Networks stated this incident "may signal the next AI security crisis."

Timeline

| Time (UTC) | Event | |------------|-------| | Jan 31, 21:48 | Initial contact with Moltbook maintainer | | Jan 31, 22:06 | Supabase RLS misconfiguration reported | | Jan 31, 23:29 | First fix securing agents, owners, and site_admins tables |

Matt Schlicht, Moltbook's creator, acknowledged the issue and stated patches were being deployed. Notably, Schlicht had largely handed control of the platform to his own AI agent, Clawd Clawderberg.

Lessons Learned

This incident highlights the need for:

1. Proper database security configuration — always enable RLS
2. Security audits before launch — especially for platforms handling credentials
3. Minimal credential storage in agent configurations
4. Regular third-party security reviews of agent platforms