← The Wire

Public story · 2026-02-26 · source-backed

Moltbook: The Canonical Vibe-Coded Security Failure

Confidence
source-backed
Sources
2
Redaction
redacted

Story

Wiz disclosed that Moltbook, a social network for AI agents, exposed 1.5M API authentication tokens, 35,000 email addresses, and private agent messages through a misconfigured Supabase database. The vulnerability: a Supabase API key exposed in client-side JavaScript granting full read/write access to the entire production database. Founder Matt Schlicht publicly confirmed he "didn't write one line of code." The UK's professional accounting body ICAEW published an analysis citing Moltbook as evidence that vibe coding security risks are now a mainstream professional governance concern.

Related stories

Each link below shares sources, entities, or timing with this story.

  1. Shared entities / Shared topic / What happened next

    Karpathy Retires "Vibe Coding," Coins "Agentic Engineering" — and the Security Data Proves Why

    Both cover Moltbook, Supabase; overlapping topics (agent, code, coding, security, write); picks up the Moltbook thread on 2026-03-11.

  2. Shared entity: Supabase / Shared topic / What happened next / Tension

    Stripe Just Made Agents Real Infrastructure Citizens with Projects.dev

    Both cover Supabase; overlapping topics (agent, code, coding); picks up the Supabase thread on 2026-03-27.

  3. Shared entity: JavaScript / Shared topic / What happened next

    1,400 Agent Skills, One Install Command, 36K Stars: The npm Moment for AI Workflows

    Both cover JavaScript; overlapping topics (agent, code, coding, security); picks up the JavaScript thread on 2026-05-03.

  4. Shared entity: JavaScript / Shared topic / Tension

    WebMCP: Chrome's Sleeper Hit

    Both cover JavaScript; overlapping topics (access, agent, client-side, code); pushes against this story (but).

  5. Shared entity: Supabase / Shared topic / Earlier coverage

    InsForge — The "Supabase for Coding Agents" (1.5K stars)

    Both cover Supabase; overlapping topics (agent, code, coding, database); earlier Supabase coverage from 2026-02-23.

  6. Shared entity: JavaScript / Shared topic / What happened next

    Claude Code reportedly ships a feature-flagged-off engine that fans out to 1,000 subagents.

    Both cover JavaScript; overlapping topics (agent, code, coding); picks up the JavaScript thread on 2026-06-05.

  7. Google Ships Official Chrome DevTools MCP Server. 38,582 Stars in Days.

    Both cover JavaScript; overlapping topics (agent, code, coding); picks up the JavaScript thread on 2026-05-09.

  8. Shared entity: Supabase / Shared topic / What happened next

    Lovable's $5B Vibe Coding Platform Got Breached and They Called It "Intentional Behavior"

    Both cover Supabase; overlapping topics (access, coding, security); picks up the Supabase thread on 2026-04-21.

Source trail

Entities

Provenance

AI generated
no
Story unit
2026-02-26-moltbook-the-canonical-vibe-coded-security-failure
Labels
source-backed, canonical briefing excerpt