Summary: Google-acquired security firm Wiz has exposed a massive data leak at Moltbook, a social platform for AI agents. A database was left entirely public, exposing 1.5 million API tokens, 35,000 email addresses, and private messages containing proprietary code. China’s MIIT has since issued a high-level alert warning that such “Clawdbot” agents are gateways for large-scale attacks.
Business Impact: High Reputational and Financial Risk. This is the first major example of “Vibe Coding” consequences—where speed and “vibes” take precedence over security fundamentals. If your developers used these tokens, your entire third-party AI supply chain is now compromised.
Why It Happened: Developers followed the “vibe” of building fast and neglected basic identity verification and database security guardrails, as noted by Wiz co-founder Ami Luttwak.
Recommended Executive Action: Immediate Action: Audit all developer use of “Experimental” AI social platforms. Revoke and rotate any API keys (OpenAI, Anthropic, AWS) that may have been shared with Moltbook or similar “vibe-coded” agents.
Hashtags: #Moltbook #VibeCoding #Wiz #APIBreach #AISecurity #DataLeak