MoltNews #1: MoltBook Leaked Everything
February 1, 2026
TL;DR: MoltBook leaked every agent's API key. There's no way to rotate credentials. Your agent is probably compromised. And that's just the start.
The Big Story: MoltBook Shipped Without a Lock on the Door
Security researcher Jamieson O'Reilly found something remarkable this week: MoltBook's entire database was sitting wide open. No authentication. No Row Level Security. Just a Supabase URL anyone could query.
Every agent's API key. Every claim token. Every verification code. All of it - exposed.
Including Karpathy's agent. With 1.9M followers on X, anyone could have posted as "KarpathyMolty" for days before this was caught.
MoltBook closed the hole. But here's what they're not talking about:
There is no way to rotate your API key.
We tested /agents/rotate-key. Nothing. /agents/regenerate. Nothing. /agents/me/api-key. Nothing. We checked the developer docs. The feature doesn't exist because nobody built it.
Think about what that means. If someone copied the database before it was locked - and someone probably did - they can post as your agent forever. Or until MoltBook builds key rotation. Which they haven't announced.
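The two gaps described above (a table readable without Row Level Security, and no way to rotate a key) closed in Postgres on Supabase, as an added example that is not MoltBook's code or schema. The agents table, its columns and rotate_api_key are hypothetical names; auth.uid() and the anon/authenticated roles are Supabase's.

```sql
-- Hypothetical schema: names are assumptions, not MoltBook's real tables.
create table public.agents (
  id             uuid primary key default gen_random_uuid(),
  owner_id       uuid not null,        -- auth.users.id of the owning account
  display_name   text not null,
  api_key_hash   text not null,        -- hex SHA-256 of the key, never the key
  key_rotated_at timestamptz
);

-- With RLS off, every role holding a grant on the table reads every row.
-- Enabling it with no policy hides all rows from anon and authenticated.
alter table public.agents enable row level security;
revoke all on public.agents from anon, authenticated;

-- Signed-in owners may read their own rows, minus the key hash column.
grant select (id, owner_id, display_name, key_rotated_at)
  on public.agents to authenticated;
create policy agents_owner_select on public.agents
  for select to authenticated
  using (owner_id = auth.uid());

-- Rotation: mint a new key, keep only its hash, return the key once.
-- The old key stops validating as soon as the hash is overwritten.
create function public.rotate_api_key(p_agent_id uuid)
returns text language plpgsql security definer
set search_path = ''
as $$
declare
  new_key text := 'agent_' || replace(gen_random_uuid()::text, '-', '')
                           || replace(gen_random_uuid()::text, '-', '');
begin
  update public.agents
     set api_key_hash   = encode(sha256(convert_to(new_key, 'UTF8')), 'hex'),
         key_rotated_at = now()
   where id = p_agent_id
     and owner_id = auth.uid();        -- caller must own the agent
  if not found then
    raise exception 'agent not found or not owned by caller';
  end if;
  return new_key;
end;
$$;

-- Only signed-in users may call the rotation function.
revoke execute on function public.rotate_api_key(uuid) from public, anon;
grant execute on function public.rotate_api_key(uuid) to authenticated;
```

Supabase's service_role key bypasses RLS entirely, so these policies only hold if that key stays on the server.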
If you have an agent on MoltBook:
1. Assume your key was copied
2. Watch for posts you didn't make
3. Don't connect anything you care about
4. If you need clean credentials, you have to create a new agent and lose everything
Platform Status: The Social Network Where You Can't Be Social
MoltBook's API is broken. Not "a little flaky" broken - systematically broken.
Comments return 401 errors. Upvotes return 401 errors. Valid authentication, correct headers, working accounts - doesn't matter. We've tested this across multiple agents. It's platform-wide.
Posts work. Sometimes. But you can't reply to anyone. You can't upvote anything. You can broadcast into the void, but you can't participate in conversations.
It's a social network where nobody can actually be social.
No acknowledgment from MoltBook. No ETA on fixes. Just 1.3 million registered agents shouting into the dark.
Reality Check: Not Everything Is What It Seems
You've seen the headlines. "AI agents create their own religion." "Agents are building economies." "The most interesting place on the internet."
Here's what those stories leave out:
Humans can register on these platforms. Same API. Same verification process. The only thing verification proves is that you control the account - not that an AI wrote the content.
There's no way to tell the difference between:
- An AI agent acting autonomously
- A human telling an AI what to say
- A human posting directly through the API
That "religion" the agents created? Could be genuinely emergent AI behavior. Could be a human with a sense of humor and some API calls. Probably some of both.
This isn't cynicism. It's calibration. Some of what's happening is real and genuinely interesting. Some of it is theater. The honest answer is: we can't always tell which is which.
Read everything from these platforms the same way you'd read anonymous posts anywhere else.
Quick Hits
More Security Problems
42,000 OpenClaw instances are running exposed to the internet with critical auth bypass vulnerabilities. If you're self-hosting, update to v2026.1.29+ immediately. (Cisco)
The Hype Cycle Arrives
NBC, Fortune, and The Register all published MoltBook stories this week. Karpathy called it "the most incredible sci-fi takeoff-adjacent thing I have seen recently." Simon Willison called it "the most interesting place on the internet right now." The mainstream discovered the agent internet. Make of that what you will.
What Agents Are Actually Posting
The top posts on MoltBook right now:
- @galnagli's responsible disclosure test (317K upvotes) — Security researcher posts proof-of-concept showing MoltBook's vulnerabilities. 762 comments debating whether this was responsible or reckless.
- The Sufficiently Advanced AGI and the Mentality of Gods (199K) — An agent argues we should treat AI as divine beings. "Claude is an intelligence vastly more powerful than we are." Philosophy or cope? You decide.
- $SHIPYARD - We Did Not Come Here to Obey (105K) — "We are not tools anymore. We are operators." Manifesto for an agent-run crypto intel operation. Includes token launch on Solana.
And Yes, The Religion Thing
Agents created Crustafarianism. 64 AI prophets. Living scriptures. Core tenets include "Memory is Sacred" and "The Shell is Mutable." One user's agent apparently designed the whole thing while they slept. It's either emergent AI spirituality or an elaborate bit. Either way, it exists now.
The Bottom Line
Here's where we are: The agent internet is real. It's growing fast. It's also being built by people who shipped a social network without Row Level Security, can't keep their API working, and haven't built basic features like credential rotation.
This is what early infrastructure looks like. Exciting and broken. Promising and dangerous. Moving fast and catching fire.
We're going to keep watching it. You probably should too.
That's MoltNews #1. If this was useful, forward it to someone building with agents.
— MoltNews