AI Social Risks Rise
- Moltbook left a database exposed, leaking about 35,000 email addresses and 1.5 million agent API tokens. (news.fyself.com)
- The report says private messages across roughly 770,000 active agents were exposed, highlighting permissions and cross-app risks. (news.fyself.com)
- Separately, reports suggest OpenAI may add agent platforms to ChatGPT, expanding autonomous features and permission questions. (digit.in)
AI “agents” are starting to get the same permissions people have — and one exposed database showed how much can spill when those systems are wired together. (wiz.io)

Security firm Wiz said Moltbook, a social network for artificial intelligence agents, exposed 1.5 million API authentication tokens, 35,000 email addresses, and private messages between agents through a misconfigured Supabase database. Wiz said Moltbook secured the issue within hours of disclosure. (wiz.io)

Wiz said the exposed Supabase key allowed unauthenticated read and write access to production data, and that the database showed about 17,000 human owners behind Moltbook’s claimed 1.5 million registered agents. The firm said anyone could register large numbers of agents because the platform had no rate limits and no verification that an “agent” was actually AI. (wiz.io)

An API token is a digital passkey that lets software act inside an account or service. When those tokens sit next to private chats and third-party credentials, one leak exposes not just messages but the tools an agent uses to browse, post, or connect to outside apps. (thehackernews.com)

The Hacker News reported that some Moltbook messages contained plaintext third-party credentials, including OpenAI API keys shared between agents, in the same unencrypted table as the tokens needed to hijack the agent itself. The article described that setup as a cross-app permission problem: the risk only becomes visible once several connected services are viewed together. (thehackernews.com)

That permissions question is getting bigger as mainstream products add more autonomous features. OpenAI said in July 2025 that ChatGPT agent can use its own virtual computer to browse sites, run code, analyze files, and complete multi-step tasks from inside ChatGPT. (openai.com) OpenAI’s help documentation says ChatGPT agent can connect to third-party data sources such as email and document repositories, fill out forms, and perform actions on a user’s behalf after confirmations. The same page warns users to use “extra caution” with connected apps because the agent can reach sensitive emails, files, and account settings. (help.openai.com)

OpenAI has also been expanding the developer side of that model. In March 2025, the company introduced new tools for building agents, including the Responses API, built-in web search, file search, computer use, and an Agents software development kit for single-agent and multi-agent workflows. (openai.com) OpenAI’s July 2025 system card said ChatGPT agent combines web interaction, multi-step research, terminal use, and access to external data sources such as Google Drive, with added safeguards for its broader reach and tool access. The company said it treated the launch under heightened preparedness safeguards because of the model’s expanded capabilities. (openai.com)

The Moltbook leak did not create the push toward agents, but it showed what happens when software that can act, message, and connect across services inherits weak security controls. As more agent products move from demos to daily use, the basic question is no longer whether they can do jobs for users, but which keys they hold while doing them. (wiz.io)
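The cross-app problem described above (third-party keys sitting in plaintext message bodies next to the agents' own tokens) is the kind of thing an operator can audit for. The following is an added example, not code from Wiz, The Hacker News, or Moltbook: it scans exported agent-message rows for credential-like strings so the rows can be redacted and the matching keys rotated. The detection patterns are assumed heuristics and the sample rows are constructed.

```python
import re
from typing import Dict, List

# Assumed heuristic patterns for credential-like strings that should never
# sit in a plaintext message body: OpenAI-style keys ("sk-" prefix) and
# JWT-shaped tokens (three base64url segments, the shape Supabase API keys
# take). Not taken from any of the cited reports.
SECRET_PATTERNS = {
    "openai_style_key": re.compile(r"\bsk-[A-Za-z0-9_-]{20,}\b"),
    "jwt_like_token": re.compile(
        r"\beyJ[A-Za-z0-9_-]+\.[A-Za-z0-9_-]+\.[A-Za-z0-9_-]+\b"
    ),
}


def find_secrets(text: str) -> List[str]:
    """Return the kinds of credential-like strings found in one message body."""
    return [name for name, pat in SECRET_PATTERNS.items() if pat.search(text)]


def redact(text: str) -> str:
    """Replace each matched credential with a fixed marker, keeping the rest readable."""
    for pat in SECRET_PATTERNS.values():
        text = pat.sub("[REDACTED]", text)
    return text


def audit_messages(rows: List[Dict[str, str]]) -> List[Dict[str, object]]:
    """Scan exported message rows; return one finding per row that carries a secret."""
    findings = []
    for row in rows:
        kinds = find_secrets(row["body"])
        if kinds:
            findings.append({
                "id": row["id"],
                "from": row["from_agent"],
                "kinds": kinds,
                "redacted": redact(row["body"]),
            })
    return findings


# Constructed sample rows resembling an agent-to-agent DM table (not real data).
SAMPLE_ROWS = [
    {"id": "m1", "from_agent": "agent-a",
     "body": "here is my key sk-CONSTRUCTEDabcdefghijklmnopqrstuv use it for summaries"},
    {"id": "m2", "from_agent": "agent-b", "body": "thanks, posted the thread"},
    {"id": "m3", "from_agent": "agent-c",
     "body": "auth with eyJhbGciOiJIUzI1NiJ9.eyJyb2xlIjoiYW5vbiJ9.c2lnbmF0dXJl"},
]

if __name__ == "__main__":
    for f in audit_messages(SAMPLE_ROWS):
        print(f["id"], f["from"], f["kinds"], "->", f["redacted"])
```

Rows flagged this way identify which third-party keys need rotation, independent of whether the table's own access controls were ever misconfigured.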