Moltbook
1.5 million API keys exposed in a misconfigured database.
The Situation
A social networking platform for AI agents, built entirely through vibe coding. The founder publicly stated he wrote zero lines of code himself. The product worked, scaled, and launched publicly.
What Happened
Security firm Wiz discovered the Supabase database had been left with public read and write access. 1.5 million API keys were exposed. The AI had scaffolded the database with permissive default development settings — and the founder, having never reviewed the infrastructure configuration, deployed it as-is. No Row Level Security policies were in place.
What Would Have Caught It
A 30-minute database configuration review — checking that RLS was enabled and default access was restricted. A standard item on any pre-launch infrastructure checklist.
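The check described above can be run as a few catalog queries in the project's SQL editor. This is an added example, not code from Moltbook, Wiz or Launchwright; it assumes the application tables live in the public schema and that the client-facing roles are Supabase's standard anon and authenticated. The table api_keys, the column owner_id and the policy name are hypothetical.

```sql
-- 1. Every table in the exposed schema: is RLS on, how many policies exist,
--    and what can the unauthenticated client role do to it?
--    A row with rls_enabled = false and anon_can_read/anon_can_write = true
--    is open to anyone holding the project's public client key.
SELECT
    c.relname                                       AS table_name,
    c.relrowsecurity                                AS rls_enabled,
    (SELECT count(*)
       FROM pg_policies p
      WHERE p.schemaname = n.nspname
        AND p.tablename  = c.relname)               AS policy_count,
    has_table_privilege('anon', c.oid, 'SELECT')    AS anon_can_read,
    has_table_privilege('anon', c.oid,
                        'INSERT, UPDATE, DELETE')   AS anon_can_write
FROM pg_class c
JOIN pg_namespace n ON n.oid = c.relnamespace
WHERE n.nspname = 'public'
  AND c.relkind IN ('r', 'p')        -- ordinary and partitioned tables
ORDER BY c.relrowsecurity, c.relname; -- tables without RLS sort first

-- 2. Policies that exist but restrict nothing: USING (true) or
--    WITH CHECK (true) leaves the table as open as having no RLS at all.
SELECT tablename, policyname, cmd, roles, qual, with_check
FROM pg_policies
WHERE schemaname = 'public'
  AND (qual = 'true' OR with_check = 'true');

-- 3. Remediation for a flagged table (hypothetical names).
--    With RLS enabled and no policy, non-owner roles are denied by default;
--    access is then granted back one explicit policy at a time.
ALTER TABLE public.api_keys ENABLE ROW LEVEL SECURITY;

REVOKE ALL ON public.api_keys FROM anon;

CREATE POLICY api_keys_owner_read
    ON public.api_keys
    FOR SELECT
    TO authenticated
    USING (auth.uid() = owner_id);   -- each user sees only their own rows
```

Re-run query 1 after remediation; the launch gate is that no table in the exposed schema shows rls_enabled = false.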
The Lesson
“The AI set the defaults. The founder trusted the defaults. 1.5 million keys later, that trust was expensive.”