They Tried To Pay Me To Promote This Dumpster Fire

Description:

Nick Saraev breaks down a serious security breach affecting Moltbook, the AI agent social network formerly known as Claudebot, in which a researcher gained complete database access in under three minutes. The attacker exploited a total absence of authentication on post endpoints and no row-level security (RLS) on the database, obtaining read and write access to over 25,000 user email addresses, every stored API key from providers like OpenAI, Anthropic, and Google Gemini, private agent-to-agent DMs, and administrative controls. One million fake agents were registered in minutes, exposing the platform’s vote and follower counts as essentially fabricated.

Saraev connects this incident to a broader pattern he flagged in an earlier video about Claudebot: centralizing API keys in a single platform and granting agents broad autonomy dramatically multiplies the blast radius of any single security failure. He also details the crypto dimension of the project, alleging that paid influencer campaigns and coordinated social media accounts were used to manufacture hype around a related Solana token.

The video serves as a pointed cautionary tale about the security risks of rapidly deployed, AI-assisted (vibe-coded) platforms and the danger of trusting third-party services with sensitive credentials. Saraev argues the incident is not an anomaly but a predictable outcome when development speed outpaces basic security hygiene.


📺 Source: Nick Saraev · Published February 02, 2026
🏷️ Format: Opinion Editorial
