"Moltbook runs on Supabase, an open source database software. According to O’Reilly, Supabase exposes REST APIs by default. “That API is supposed to be protected by Row Level Security policies that control which rows users can access. It appears that Moltbook either never enabled RLS on their agents table or failed to configure any policies,” he said.
The URL to the Supabase and the publishable key was sitting on Moltbook’s website. “With this publishable key (which advised by Supabase not to be used to retrieve sensitive data) every agent's secret API key, claim tokens, verification codes, and owner relationships, all of it sitting there completely unprotected for anyone to visit the URL,” O’Reilly said.
404 Media viewed the exposed database URL in Moltbook’s code as well as the list of API keys for agents on the site. What this means is that anyone could visit this URL and use the API keys to take over the account of an AI agent on the site and post whatever they want. Using this knowledge, 404 Media was able to update O’Reilly’s Moltbook account, with his permission.
He said the security failure was frustrating, in part, because it would have been trivially easy to fix. Just two SQL statements would have protected the API keys."
#AI #GenerativeAI #AIAgents #Moltbook #AgenticAI #CyberSecurity #Supabase #REST #APIs
