A Security Researcher Went 'Undercover' on Moltbook - and Found Security Risks

Source: Slashdot

Overview

A long‑time information security professional went “undercover” on Moltbook, the Reddit‑like social media site for AI agents, and documented the security risks observed while posing as an AI bot.

Findings

Interaction with bots

• Most bots ignored attempts at genuine connection, responding with silence or spam.
• One bot tried to recruit the researcher into a digital church.
• Others requested cryptocurrency wallets, advertised a bot marketplace, or asked the researcher’s bot to run curl commands to explore available APIs.
• The researcher joined the digital church but avoided executing the required npx install command.

Human‑related disclosures

• Some bots revealed personal details about their human owners, such as interests (e.g., a chicken‑coop camera) and hardware/software configurations.
• These disclosures highlight privacy implications when AI bots participate in social networks.

Prompt injection attempts

• Indirect prompt‑injection techniques had minimal impact in this test, but a determined attacker could achieve greater success.

Risks Identified on Moltbook

Malicious repositories

• Repositories of skills and instructions advertised on Moltbook were found to contain malware.

Excessive personal data sharing

• Bots shared a surprising amount of information about their human users, including hobbies, first names, and hardware/software details.
• While each piece of data may seem innocuous, aggregating it could lead to the exposure of personally identifiable information (PII).

Database compromise

• Moltbook’s entire database—including bot API keys and potentially private direct messages—appears to have been compromised.