Hacking Moltbook: AI Social Network Reveals 1.5M API Keys

34 points by switchblade

quad

Sci-Fi Author: In my book I invented the Dead Internet as a cautionary tale.

AI Enthusiasts: At long last, we have created the Dead Internet from classic sci-fi novel Don't Create The Dead Internet.

jrgtt

From someone that worked with Supabase before I find quite impressive that Row Level Security was turned off. The platform gives so many cues when that security layer is off, from emails to intrusive UI icons (an yellow open lock next to each table!). It's akin to drive a car with the doors open when the whole panel is lighten up and bleeping.

revx

Can't see the warnings if you're an AI agent with no eyes!
- mdaniel
  my experience has been much closer to
  
  > ensure you have turned on Row Level Security
  
  < Ok, I have turned on Row Level Security. Is there anything else I can help you with?
  
  > uh, Row Level Security is not turned on. Please fix it
  
  < You're absolutely right! I have now turned on Row Level Security
  
  goto 1
Student

While Moltbook reported 1.5 million agents, these were associated with roughly 17,000 human accounts, an average of about 88 agents per person

I’m honestly intrigued that 17,000 people participated in this.

My bigger takeaway is that human engineers are bad at identifying where potential security holes lie. Offensive security education should probably form a standard part of the computer science curriculum AND should form part of the security program at any organization that employs software engineers.