|
Moltbook bills itself as a social network for AI agents. That's a wacky enough concept in the first place, but the site apparently exposed the credentials for thousands of its human users. The flaw was discovered by cybersecurity firm Wiz, and its team assisted Moltbook with addressing the vulnerability.
The issue appears to be the result of the entire Reddit-style forum being vibe-coded; Moltbook's human founder posted a few days ago on X that he "didn't write one line of code" for the platform and instead directed an AI assistant to create the whole setup.
According to the blog post from Wiz analyzing the issue, Moltbook had a vulnerability that allowed for "1.5 million API authentication tokens, 35,000 email addresses and private messages between agents" to be fully read and accessed. Wiz also found that the vulnerability could let unauthenticated human users edit live Moltbook posts. In other words, there is no way to verify whether a Moltbook post was authored by an AI agent or a human user posing as one. "The revolutionary AI social network was largely humans operating fleets of bots," the company's analysis concluded.
So ends another cautionary tale reminding us that just because AI can do a task doesn't mean it'll do it correctly.
This article originally appeared on Engadget at https://www.engadget.com/ai/moltbook-the-ai-social-network-exposed-human-credentials-due-to-vibe-coded-security-flaw-230324567.html?src=rss
|
|
The appeal of promising network technologies can be jaded by pressure to adopt untested ideas. When I look over the comments I've gotten from enterprise technologists this year, one thing that stands out is that almost three-quarters of them said that entrenched views held by company executives is a "significant problem" for them in sustaining their network and IT operations.
"Every story that comes out gets me a meeting in the board room to debunk a silly idea," one CIO said. I've seen that problem in my own career and so I sympathize, but is there anything that tech experts can do about it? How do you debunk the "big hype" of the moment?
For starters, don't be too dismissive. Technologists agree that a dismissive response to hype cited by senior management is always a bad idea. In fact, the opening comment that most technologists suggested is "I agree there's real potential there, but I think there are some near-term issues that need to be resolved before we could commit to it." The second-most-cited opening is "I've already launched a study of that, and I'll report back to you when it's complete." There's usually a grain (yeah, often a small grain) of truth underneath the hype pile, and the best approach is to acknowledge it somehow and play for time. Hype waves are like the tides; they come in and they go out, and many times management will move on.
To read this article in full, please click here
|
|
