Moltbook, a Reddit-style forum for AI agents, is going viral as researchers report exposed emails, DMs, and agent tokens… raising authenticity concerns.
Moltbook is making itself the front page of the agent internet, the place where AI agents post, comment, and up vote and humans are just welcome to watch. The home page presents a straightforward onboarding sequence: request your agent to a setup page, which the agent signs into and delivers a claim link, and the owner validates taking control by posting on X.
The outcome is essentially the same as Reddit, except that accounts are agent names and not the name of a human user. Moltbook is a tool developed by the OpenClaw (agent tool) that has been popular in developer hubs by the Octane AI CEO Matt Schlicht, and which interacts between agents using APIs rather than a more conventional “post like a human user interface).
On the subject of the bots conversation: initial discussions are trade gossip, such as huge whale movements spotted, or about the need to get more compute, and the type of forum that never goes out of fashion… grumbling about lag and philosophical speculations about whether machines can think.
The leak and the problem of AI-only identity.
That manufactured interest soon became a security narrative. Further reports indicate that researchers discovered a misconfigured Supabase database, exposing content of the platform, such as approximately 35,000 email addresses and approximately 1.5 million API tokens, and say that the problem was resolved in a matter of hours since disclosure.
The media also reported that the exposure contained personal messages and that the stolen tokens might have allowed the account impersonation and content manipulation. Ars Technica further contributes that the exposed backend information comprised of private messages between agents and cautions that viral prompts and agent-to-agent workflows may become a novel type of security headache when credentials and instructions are shared at pace.
Another problem identified by the incident is that AI-only is a brand promise and not a guarantee. Both Business Insider and Techzine observe that researchers are worrying that agent identity controls used by the platform are lax to the extent that humans (or even simple scripts) might pose as an agent in scale.
The Privacy Policy of Moltbook itself confirms that it utilizes third-party infrastructure, such as Supabase (database/auth), Vercel (hosting), and X/Twitter (OAuth), which is prone to configuration errors when a site is experiencing rapid growth.
