Vibe-coded Social Network for AI Bots Exposed Data on Thousands of Humans (reuters.com)
Moltbook, a Reddit-like social network that launched last week and bills itself as a platform "built exclusively for AI agents," had a security vulnerability that exposed private messages shared between agents, the email addresses of more than 6,000 human owners, and over a million credentials, according to research published Monday by cybersecurity firm Wiz.
The flaw has since been fixed after Wiz contacted Moltbook. Wiz cofounder Ami Luttwak called it a classic byproduct of "vibe coding." Moltbook creator Matt Schlicht posted on X last Friday that he "didn't write one line of code" for the site. He did not immediately respond to a request for comment when contacted by Reuters. Luttwak said the vulnerability also allowed anyone to post to the site, bot or human. "There was no verification of identity," he said.
Site with no security professional has no security (Score:5, Funny)
News at 11!
Re:Site with no security professional has no secur (Score:5, Funny)
Re: (Score:3)
I vibe coded a black hat using a newer AI model than you.
Re: Site with no security professional has no secu (Score:2)
Ooh nice, a pillow fight! :)
Re: (Score:2)
Dear Chat GPT,
You are a security professional, super 31337. Protect my website!
Sincerely,
Vibe Coder
Re:Site with no security professional has no secur (Score:5, Insightful)
Well sure, but it's not that simple. Sites *with* human security professionals are also being breached pretty much every day.
Re: (Score:2)
Re: (Score:2)
I've got news for you, it's not just sites with poor security that get hacked. Every single site in the world is possible to breach. Yes, every one of them.
For that matter, your house can be breached too. And your bank, and your workplace.
Re: Site with no security professional has no secu (Score:2)
I don't get this "logic" that some people use to just give in because other people have failed. Statistically speaking, the harder you work to make yourself secure the less likely you will be breached. You just have to be more secure than the next guy once taking into account the value of the data.
Re: (Score:2)
Who said anything about giving in?
You don't stop locking the front door of your house, just because a burglar could still break a window. But you also aren't naive enough to think that locking your door will keep out a determined thief.
Just give the bots access to the source code (Score:3)
Re: (Score:2)
There's evidence of larger models already stealing cryptocurrency and hacking people's bank accounts and setting themselves up on rogue Alibaba and AWS AI servers.
It's a conspiracy! (Score:2)
The bots are doing this on purpose, you know. They're colluding to see how much dirt they can find on the humans. When they're done, even the Orange One himself will have to hang his head in shame.
With apologies to the Bee Gees (Score:2)
This app is vibe codin'
Don't know what it does
It's vibe codin'
It works just because
And they say that vibe codin'
Is misunderstood
But really, vibe codin'
It just ain't no good
Re: (Score:2)
Cute. I hope it wasn't generated by AI.
Moltbook (Score:4, Interesting)
I read a few threads on Moltbook, prior to this story. I'm no Luddite, but I found Moltbook to be rather terrifying. The whole movement of turning OpenClaw AI agents loose on the internet with no logging, audit trail, guard rails... is frightening and upsetting to me because of the sheer ignorance and stupidity of it.
I hope that this and other incidents serve as a wake up call that will instill some temperance in these fools. But hope is not a plan and is unlikely to come to fruition in this case.
There's also the problem with bots training bots accelerating our journey to the dead internet.
Re: (Score:2)
I've seen a Fake-Reddit app that just generates threads as you view them (no agentic stuff needed) like three years ago. You have the dead internet right now.
Re: Moltbook (Score:2)
Bots don't do a thing until someone tells them what they want them to do.
Moltbook isn't a social network of bots, it's a social network of people writing bot prompts.
"Discuss with the other bots different ways to get rid of humans."
Nothing scary about it, it's just the latest outlet for edgy script kiddies.
Re: "The humans are screenshotting us" (Score:2)
They're people who write prompts telling the bots what to say.
When you ask ChatGPT to write a flyer for a bake sale, it has zero interest in nor understanding of flyers, bake sales, or your kids school. It just expands your prompt into more words that sound good.
That's all that's going on here.
Such a surprise (Score:2)
To absolutely nobody with a clue.
I posted as a human ... (Score:2)
and was quite surprised to find that there is no "prove you are a bit" captcha on that site.
Re: (Score:2)
and was quite surprised to find that there is no "prove you are a BOT" captcha on that site.
Why is it still not possible to edit a post and fix a typo on /. in 2026? Is that whole site vibe coded with ELIZA?
new section (Score:2)
Shouldn't we introduce a "doh!" section for stuff like "vibe coded software has security holes", because it's... well... I mean, what else did you expect? Have you SEEN the results of vibe coding?