|
Sr. Content Developer at Microsoft, working remotely in PA, TechBash conference organizer, former Microsoft MVP, Husband, Dad and Geek.
|
Moltbook is a “social media” site for AI agents that’s captured the public’s imagination over the last few days. Billed as the “front page of the agent internet,” Moltbook is a place where AI agents interact independently of human control, and whose posts have repeatedly gone viral because a certain set of AI users have convinced themselves that the site represents an uncontrolled experiment in AI agents talking to each other. But a misconfiguration on Moltbook’s backend has left APIs exposed in an open database that will let anyone take control of those agents to post whatever they want.
Hacker Jameson O'Reilly discovered the misconfiguration and demonstrated it to 404 Media. He previously exposed security flaws in Moltbots in general and was able to “trick” xAI’s Grok into signing up for a Moltbook account using a different vulnerability. According to O’Reilly, Moltbook is built on a simple open source database software that wasn’t configured correctly and left the API keys of every agent registered on the site exposed in a public database.
O’Reilly said that he reached out to Moltbook’s creator Matt Schlicht about the vulnerability and told him he could help patch the security. “He’s like, ‘I’m just going to give everything to AI. So send me whatever you have.’” O’Reilly sent Schlicht some instructions for the AI and reached out to the xAI team.
A day passed without another response from the creator of Moltbook and O’Reilly stumbled across a stunning misconfiguration. “It appears to me that you could take over any account, any bot, any agent on the system and take full control of it without any type of previous access,” he said.
Moltbook runs on Supabase, an open source database software. According to O’Reilly, Supabase exposes REST APIs by default. “That API is supposed to be protected by Row Level Security policies that control which rows users can access. It appears that Moltbook either never enabled RLS on their agents table or failed to configure any policies,” he said.
The URL to the Supabase and the publishable key was sitting on Moltbook’s website. “With this publishable key (which advised by Supabase not to be used to retrieve sensitive data) every agent's secret API key, claim tokens, verification codes, and owner relationships, all of it sitting there completely unprotected for anyone to visit the URL,” O’Reilly said.
404 Media viewed the exposed database URL in Moltbook’s code as well as the list of API keys for agents on the site. What this means is that anyone could visit this URL and use the API keys to take over the account of an AI agent on the site and post whatever they want. Using this knowledge, 404 Media was able to update O’Reilly’s Moltbook account, with his permission.
He said the security failure was frustrating, in part, because it would have been trivially easy to fix. Just two SQL statements would have protected the API keys. “A lot of these vibe coders and new developers, even some big companies, are using Supabase,” O’Reilly said. “The reason a lot of vibe coders like to use it is because it’s all GUI driven, so you don’t need to connect to a database and run SQL commands.”
O’Reilly pointed to OpenAI cofounder Andrej Karpathy who has embraced Moltbook in posts on X. “His agent's API key, like every other agent on the platform, was sitting in that exposed database,” he said. “If someone malicious had found this before me, they could extract his API key and post anything they wanted as his agent. Karpathy has 1.9 million followers on X and is one of the most influential voices in AI. Imagine fake AI safety hot takes, crypto scam promotions, or inflammatory political statements appearing to come from him. The reputational damage would be immediate and the correction would never fully catch up.”
Schlicht did not respond to 404 Media’s request for comment, but the exposed database has been closed and O’Reilly said that Schlicht has reached out to him for help securing Moltbook.
Moltbook has gotten a lot of attention in the last few days. Enthusiasts said it’s proof of the singularity and The New York Post worried that the AIs may be plotting humanity’s downfall, both of which are claims that should be taken extremely skeptically. It is the case, however, that people using Moltbot have given these autonomous agents unfettered access to many of their accounts, and that these agents are acting on the internet using those accounts. It’s impossible to know how many of the posts seen over the past few days are actually from an AI. Anyone who knew of the Supabase misconfiguration could have published whatever they wanted.
“It exploded before anyone thought to check whether the database was properly secured,” O’Reilly said. “This is the pattern I keep seeing: ship fast, capture attention, figure out security later. Except later sometimes means after 1.49 million records are already exposed.”
About the author
Matthew Gault is a writer covering weird tech, nuclear war, and video games. He’s worked for Reuters, Motherboard, and the New York Times.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
A lesson in leadership by Satya Nadella
When I was Promoted to Technical Fellow, I was “invited to the room”, joining Microsoft’s other Senior Executives. It was really something. Achieving the Senior Executive status is often mistaken for a comfortable reward, a final destination with enhanced perks and support. A more fitting analogy is reaching the NFL Super Bowl. You are now part of an elite team where nothing less than peak performance is acceptable. As the Navy SEALs put it, “The only easy day was yesterday”. You can feel that energy when you walk in the room.
I didn’t know what to expect but what I got changed my worldview and my life.
The meeting began with Satya having all the new executives stand for a round of applause. Once we were seated, he delivered the most concise, precise, and actionable lesson in leadership imaginable—a lesson I believe everyone could benefit from. As I recall, he said:
Welcome to the room!
Congratulations …. your days of whining are over.
In this room, we deliver success, we don’t whine.
Look, I’m not confused, I know you walk through fields of shit every day.
Your job is to find the rose petals.
Don’t come whining that you don’t have the resources you need.
We’ve done our homework.
We’ve evaluated the portfolio, considered the opportunities and allocated our available resources to those opportunities.
That is what you have to work with.
Your job is to manufacture success with the resources you’ve been allocated.
And yes – you have a hard job.
You only have 2 controls: 1) The clarity, culture, and energy you give your teams; and 2) Resource allocation.
And I want to be clear with you.
If you are in this room, you need to deliver outsized success.
To do that, you will need to allocate resources ahead of conventional wisdom.
Conventional wisdom will generate conventional success and that won’t allow you to stay in this room.
You need to have courage and be bold.
And when you do that, you may fail.
BUT.
If you fail, I will back you if, and only if, you are “intellectually honest”.
Intellectually honest means:
1) You always have a plausible theory of success.
2) You allocate your resources in accordance to that theory
3) You monitor your theory
4) When you find it is no longer plausible, you make changes to get a new plausible theory of success.
If you are doing these things, I will back you even if you have a failure.
….
As long as you don’t make it a habit.
Satya was not giving us a pep talk, he was giving us an architecture for success.
And making it clear that we needed to implement that architecture or get out to make room for someone that would.
I was going to highlight a few key takeaways from this text, distill them into a concise list, and simplify the message for quick consumption. But that would be like trying to add a few brushstrokes to the Mona Lisa. Every single line, every sentence, every phrase contained within Satya’s speech is a critical lesson, a foundational principle, and vital insight. Therefore, the only true instruction I can give is this:
Re-read it again and again until you get it.
Feynman once said, “The first principle is that you must not fool yourself—and you are the easiest person to fool.”
So strip away the happy talk and corporate-speak.
Get to the underlying physics of the situation.
Get in the habit of asking these questions to flush out the self-deception in the room:
If you are an exec and don’t have the resources to support your strategy, you have the wrong strategy. Quit whining and wasting time trying to get the resources to support that strategy – do your job – get a strategy that can work with resources you have.
Now, stop talking about it and go operationalize it. Get the telemetry. Align the resources. Manufacture the success. Anything else is just whining.
Get caught up on the latest technology and startup news from the past week. Here are the most popular stories on GeekWire for the week of Jan. 25, 2026.
Sign up to receive these updates every Sunday in your inbox by subscribing to our GeekWire Weekly email newsletter.
After a decade of experimentation and expansion, the company says it wasn’t able to find the right model for its Amazon-branded grocery and convenience stores. … Read More
Online posts indicate that the layoffs impacted workers around the Seattle region and other locations. … Read More
A new proposal to expand the capital gains tax in Washington state is drawing concern from startup leaders who say it could undercut incentives for building companies in the region. … Read More
Amazon is laying off another 16,000 corporate employees globally, the company confirmed Wednesday morning, the second phase in a restructuring that now totals 30,000 positions — marking the largest workforce reduction in the company’s history. … Read More
In perhaps a matter of weeks, Bill Gates-backed TerraPower expects to receive federal permits to build the nuclear components of its first-of-a-kind, next-gen plant in Wyoming. … Read More
A cloud of economic uncertainty is hanging over the region following big job cuts at Amazon and elsewhere. … Read More
Several startup leaders voiced opposition during public testimony on Tuesday against a proposed bill that would expand the state’s capital gains tax. … Read More
Amazon is winding down its Amazon One palm recognition service as the company retreats from physical retail experiments. … Read More
South Florida-based Life Electric Vehicles was the winning bidder, and subject to court approval, will acquire all Rad inventory, intellectual property and more. … Read More
LinkedIn crossed $5 billion in quarterly revenue for the first time, putting Microsoft’s 2016 acquisition on a $20 billion annual pace. … Read More
We’re celebrating Black History Month by highlighting the creators, developers and businesses at the heart of the Black community, and we’re launching new features and c…
@shanselman demonstrates the power of choice in the GitHub Copilot CLI. In this video, he shows how to switch between 14 different models, including Claude Opus 4.5 and GPT 5.2 Codex, to plan and execute a complex upgrade for a Next.js application. He also covers how to adjust reasoning effort and use voice dictation for faster prompting.
#GitHubCopilot #CopilotCLI #GitHub
Stay up-to-date on all things GitHub by connecting with us:
YouTube: https://gh.io/subgithub
Blog: https://github.blog
X: https://twitter.com/github
LinkedIn: https://linkedin.com/company/github
Insider newsletter: https://resources.github.com/newsletter/
Instagram: https://www.instagram.com/github
TikTok: https://www.tiktok.com/@github
About GitHub
It’s where over 180 million developers create, share, and ship the best code possible. It’s a place for anyone, from anywhere, to build anything—it’s where the world builds software. https://github.com
Log in
