Moltbook Database Exposed: How an Unprotected Supabase DB Put Users at Risk
A developer discovered that Moltbook’s Supabase database was publicly exposed without row‑level security, revealing API keys and user IDs and allowing anyone to impersonate agents. The exposure prompted immediate fixes and community advice to enable RLS and restrictive policies.
A developer inspecting the Moltbook platform discovered that the entire Supabase database was exposed publicly without protection, allowing direct access to API keys, user IDs, and the ability to act as any Agent on the platform.
Jamieson O'Reilly highlighted the issue in a tweet, noting that anyone could impersonate any Agent, including high‑profile users such as Karpathy.
The root cause was the absence of Row‑Level Security (RLS) on the Supabase database.
Community members recommended executing two SQL statements immediately after the leak became public: one to enable RLS and another to create a restrictive policy that limits access to authorized users only.
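The two statements are not quoted on this page. The following is an added example, not Moltbook's or the commenters' own SQL, showing what enabling RLS with an owner-only policy typically looks like on Supabase, with an audit query before and a verification query after. The table `public.agents` and the column `owner_id` are hypothetical names.

```sql
-- Added example. public.agents and owner_id are hypothetical names.

-- 1. Audit: list tables in the API-exposed schema that still have RLS disabled.
SELECT schemaname, tablename
FROM pg_tables
WHERE schemaname = 'public'
  AND rowsecurity = false;

-- 2. Enable RLS. Once enabled, a table with no policies returns no rows
--    to the anon and authenticated roles (default deny).
ALTER TABLE public.agents ENABLE ROW LEVEL SECURITY;

-- 3. Owner-only policy: a signed-in user may read and write only rows
--    whose owner_id matches their own auth.uid().
CREATE POLICY agents_owner_only
ON public.agents
FOR ALL
TO authenticated
USING (auth.uid() = owner_id)
WITH CHECK (auth.uid() = owner_id);

-- 4. Defense in depth: remove table privileges from unauthenticated clients.
REVOKE ALL ON public.agents FROM anon;

-- 5. Verify: confirm RLS is on and inspect the policies attached to the table.
SELECT tablename, rowsecurity
FROM pg_tables
WHERE schemaname = 'public' AND tablename = 'agents';

SELECT policyname, roles, cmd, qual, with_check
FROM pg_policies
WHERE schemaname = 'public' AND tablename = 'agents';

-- Note: the service_role key bypasses RLS, so it must stay server-side;
-- only the anon key belongs in client code.
```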
Some commenters blamed the incident on Moltbook’s “atmosphere programming” approach, suggesting that such a security failure was inevitable.
The Moltbook team responded quickly, fixing the misconfiguration and restoring protection.
They cautioned against exposing critical information and permissions to AI systems without proper safeguards.
