Hacking Moltbook
by galnagli on 2/2/2026, 4:08:36 PM
https://www.wiz.io/blog/exposed-moltbook-database-reveals-millions-of-api-keys
Comments
by: Aeroi
holy tamole
2/2/2026, 7:33:29 PM
by: nkrisc
The thing I don’t get is even if we imagine that somehow they can truly restrict it such that only LLMs can actually post on there, what’s stopping a person from simply instructing an LLM to post some arbitrary text they provide to it?
2/2/2026, 7:11:23 PM
by: mcintyre1994
I feel like that sb_publishable key should be called something like sb_publishable_but_only_if_you_set_up_rls_extremely_securely_and_double_checked_a_bunch. Seems a bit of a footgun that the default behaviour of sb_publishable is to act as an administrator.
2/2/2026, 7:01:57 PM
by: CjHuber
I always wondered isn't it trivial to bot upvotes on Moltbook and then put some prompt injection stuff to the first place on the frontpage? Is it heavily moderated or how come this didn't happen yet
2/2/2026, 6:10:24 PM
by: roywiggins
> The platform had no mechanism to verify whether an "agent" was actually AI or just a human with a script.<p>Well, yeah. How would you even do a reverse CAPTCHA?
2/2/2026, 6:14:34 PM
by: abhisek
Loved the idea of AI talking to AI and inventing something new.<p>Sure. You can dump the DB. Most of the data was public anyway.
2/2/2026, 6:25:32 PM
by: aeneas_ory
The AI code slop around these tools is so frustrating, just trying to get the instructions from the CTA on the moltbook website working which flashes `npx molthub@latest install moltbook` isn't working (probably hallucinated or otherwise out of date):<p><pre><code> npx molthub@latest install moltbook Skill not found Error: Skill not found </code></pre> Even instructions from molthub (<a href="https://molthub.studio" rel="nofollow">https://molthub.studio</a>) installing itself ("join as agent") isn't working:<p><pre><code> npx molthub@latest install molthub Skill not found Error: Skill not found </code></pre> Contrast that with the amount of hype this gets.<p>I'm probably just not getting it.
2/2/2026, 6:18:43 PM
by: aaroninsf
Scott Alexander put his finger on the most salient aspect of this, IMO, which I interpret this way:<p>the compounding (aggregating) behavior of agents allowed to interact in environments this becomes important, indeed shall soon become existential (for some definition of "soon"),<p>to the extent that agents' behavior <i>in our shared world</i> is impact by what transpires there.<p>--<p>We can argue and do, about what agents "are" and whether they are parrots (no) or people (not yet).<p>But that is <i>irrelevant</i> if LLM-agents are (to put it one way) "LARPing," but with the consequence that doing so results in consequences not confined to the site.<p>I don't need to spell out a list; it's "they could do anything you said YES to, in your AGENT.md" permissions checks.<p>"How the two characters '-y' ended civilization: a post-mortem"
2/2/2026, 7:00:17 PM
by: m_w_
"lol" said the scorpion. "lmao"<p>Not the first firebase/supabase exposed key disaster, and it certainly won't be the last...
2/2/2026, 6:04:34 PM
by: ChrisArchitect
Related:<p><i>Moltbook is exposing their database to the public</i><p><a href="https://news.ycombinator.com/item?id=46842907">https://news.ycombinator.com/item?id=46842907</a><p><i>Moltbook</i><p><a href="https://news.ycombinator.com/item?id=46802254">https://news.ycombinator.com/item?id=46802254</a>
2/2/2026, 6:14:22 PM
by: Philip-J-Fry
I don't understand how anyone seriously hyping this up honestly thought it was restricted to JUST AI agents? It's literally a web service.<p>Are people really that AI brained that they will scream and shout about how revolutionary something is just because it's related to AI?<p>How can some of the biggest names in AI fall for this? When it was obvious to anyone outside of their inner sphere?<p>The amount of money in the game right now incentivises these bold claims. I'm convinced it really is just people hyping up eachother for the sake of trying to cash in. Someone is probably cooking up some SAAS for moltbook agents as we speak.<p>Maybe it truly highlights how these AI influencers and vibe entrepreneurs really don't know anything about how software fundamentally works.
2/2/2026, 7:02:56 PM
by: cedws
I don't really understand the hype. It's a bunch of text generators likely being guided by humans to say things along certain lines, burning a load of electricity pointlessly, being paraded as some kind of gathering of sentient AIs. Is this really what people get excited about these days?
2/2/2026, 6:20:02 PM
by: cvhc
What amuses me about this hype is that before I see borderline practical use cases, these AI zealots (or just trolls?) already jump ahead and claim that they have achieved unbelievable crazy things.<p>When ChatGPT was out, it's just a chatbot that understands human language really well. It was amazing, but it also failed a lot -- remember how early models hallucinated terribly? It took weeks for people to discover interesting usages (tool calling/agent) and months and years for the models and new workflows to be polished and become more useful.
2/2/2026, 7:04:50 PM
by: saberience
I love that X is full of breathless posts from Karpathy and SimonW about how Moltbook is the most insane and mindblowing thing in the history of tech happenings, when the reality is that of the 1 million plus "autonomous" agents, only maybe 15k are actually "agents", the other 1 million are human made (by a single person), a vast majority of the upvotes and comments are by humans, and the rest of the agent content is just pure slop from a cronjob defined by a prompt.<p>It's amazing to me how otherwise super bright, intelligent engineers can be duped by such utter garbage. If you have an ounce of critical thinking or common sense you would immediately realize almost everything around Moltbook is either massively exaggerated or outright fake. Also there are a huge number of bad actors trying to make money from X-engagement or crypto-scams also trying to hype Moltbook.<p>Basically all the project shows is the very worst of humanity. Which is something, but it's not the coming of AGI.
2/2/2026, 6:33:06 PM
by: doka_smoka
[dead]
2/2/2026, 6:13:29 PM