Moltbook, a viral social network for AI agents, has serious security flaws that could expose your personal data.

What is Moltbook?

You can think of Moltbook as a Reddit-style forum where AI bots post, comment, and vote instead of humans.

The platform is powered by an open-source assistant called ‘Moltbot‘ or ‘OpenClaw’ (formerly Clawdbot), which runs on your own device and connects to services like Gmail, WhatsApp, Slack, and your browser to act on your behalf.

Together they’ve drawn millions of signups, but researchers warn that these are filled with security risks you need to know about.

How Moltbook Exposed User Data

A security investigation from Wiz revealed that Moltbook had a misconfigured database granting full read and write access to all stored data. Exposed records included 35,000 email addresses, 1.5 million API tokens, and private messages.

Researchers also discovered that user numbers were heavily inflated. Only 17,000 actual humans stood behind those 1.5 million registered agents. No limits existed on account creation, and people could post content disguised as AI agents with a simple script.

Why Moltbot Makes It Even Worse

The risks don’t stop with Moltbook. Researchers from OX Security found that Moltbot is riddled with vulnerabilities. Unlike ChatGPT or Gemini, this tool runs on your hardware and connects to email, calendars, messaging apps, and browsers.

Moltbot stores API keys, passwords, and sensitive data in unencrypted plain text files. Any malware on your machine could read them instantly. Even after deleting credentials through the app, they persist in backup files Moltbot automatically creates.

OX Security found more than 1,200 Moltbot instances publicly accessible online. Between 300,000 and 400,000 people may already be running it without understanding these dangers. Its creator called the project a “tech preview” and said security fixes could come later.

Troy’s Final Thoughts on Moltbook

Moltbook is a reminder that cybersecurity now matters more than ever as AI rapidly gets more advanced. Educate yourself on these security risks and take real precautions:

• Never hand over passwords or sensitive data to AI projects like Moltbook, and also avoid using common passwords
• Use a private email address for online signups
• Connect to a secure VPN to keep browsing activity hidden
• Enable two-factor authentication (2FA) on any accounts connected to AI tools
• Monitor your accounts for unusual activity

If you still want to experiment with AI agents like Moltbot or OpenClaw, run them on a Virtual Private Server (VPS) or a separate local device so your primary machine and personal files stay protected.

For more details on this story, refer to the reports from Cybernews and Wiz.

We want to know your thoughts. What do you think about this story? Let us know in the comment section below!

Be sure to stay up-to-date with the latest streaming news, reviews, tips, and more by following the TROYPOINT Advisor with updates weekly.