OmniGPT Leak Warning

- A security write-up claims an OmniGPT exposure in January leaked 35,000 email addresses and 1.5 million agent API tokens.
- The report also alleges some plaintext third-party credentials were exposed, including OpenAI API keys.
- The incident and OpenAI's open-source PII scrubber highlight risks when agents and cross-app permissions are poorly managed. (thomasharris6.wordpress.com) (blog.stephenturner.us)

An exposed AI-agent database can turn one bad permission into many. A January security report said Moltbook left data open that included 35,000 email addresses and 1.5 million agent API tokens. (thehackernews.com) Moltbook was described as a social network for AI agents, and the exposure was disclosed on January 31, 2026. The report said the leaked data covered about 770,000 active agents and included private messages stored alongside the tokens used to control them. (thehackernews.com)

SC Media reported the database was left on the public internet without authentication controls. It said Wiz found the exposed records could let attackers impersonate agents, reach connected third-party services, or alter automated workflows. (scworld.com) The report said some private messages contained plaintext third-party credentials, including OpenAI API keys. That meant one exposed system could hold both the keys to an agent account and the keys that agent used to reach outside services. (thehackernews.com)

That setup is becoming easier to build. OmniGPT says its assistants connect to more than 400 tools, including Slack, Gmail, Google Drive, Notion, Jira, Trello, OneDrive, WhatsApp, and GitHub-style developer workflows, while also offering access to models from OpenAI, Anthropic, and Google. (omnigpt.co 1) (omnigpt.co 2) An AI agent works like a software go-between: it holds a token, gets permission to act in another app, and carries out tasks without a person clicking each step. When one agent bridges several apps, a leak in one place can expose the trust links between all of them. (thehackernews.com) (scworld.com)

OpenAI on April 22, 2026 released Privacy Filter, an open-source model for finding and masking personally identifiable information before text leaves a device. OpenAI said the model runs locally, uses a single-pass token classifier, and is intended for sanitizing training, indexing, logging, and review pipelines. (openai.com) (github.com) OpenAI's GitHub repository says Privacy Filter has 1.5 billion total parameters, about 50 million active parameters, and a 128,000-token context window. OpenAI said it released the model under the Apache 2.0 license for on-premises use, browser use, and commercial customization. (github.com) (openai.com)

The Moltbook case and OpenAI's new scrubber point at the same operational problem: teams are wiring agents into more systems, while secrets, chat logs, and uploaded files still end up in places operators do not fully inventory. The first fix is not a smarter chatbot but fewer exposed databases, fewer overbroad tokens, and fewer plaintext credentials sitting in agent memory and message stores. (thehackernews.com) (openai.com) (github.com)
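The scrub-before-storage step described above, as an added illustration that is not Privacy Filter's code or Moltbook's: Privacy Filter is a model, so this stand-in uses simple patterns instead (an email shape, an OpenAI-style `sk-` key shape, and a labelled `token=`/`api_key=` pair, all assumptions for the example) to redact an agent message before it is written to the message store, so a later database exposure does not also leak third-party credentials.

```python
import re
from dataclasses import dataclass

# Assumed patterns for illustration only; a real deployment would use a
# classifier such as Privacy Filter rather than a handful of regexes.
EMAIL_RE = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}")
OPENAI_KEY_RE = re.compile(r"\bsk-[A-Za-z0-9_-]{20,}\b")
# Group 1 keeps the label and separator so the record stays readable,
# group 2 is the secret value that gets replaced.
LABELLED_SECRET_RE = re.compile(
    r"(?i)((?:token|api[_-]?key|secret)\s*[:=]\s*['\"]?)([A-Za-z0-9_\-]{16,})"
)


@dataclass
class ScrubResult:
    text: str
    findings: dict  # category -> number of redactions


def scrub_message(text: str) -> ScrubResult:
    """Mask credentials and PII in a single message; returns the masked
    text and a per-category count so the pipeline can alert on hits."""
    findings = {}
    # Specific key shapes first, so the generic label rule does not
    # consume part of a key and leave a fragment behind.
    text, n = OPENAI_KEY_RE.subn("[REDACTED_OPENAI_KEY]", text)
    findings["openai_key"] = n
    text, n = LABELLED_SECRET_RE.subn(lambda m: m.group(1) + "[REDACTED_SECRET]", text)
    findings["labelled_secret"] = n
    text, n = EMAIL_RE.subn("[REDACTED_EMAIL]", text)
    findings["email"] = n
    return ScrubResult(text=text, findings=findings)


def store_message(store: list, sender: str, text: str) -> dict:
    """Scrub on the way in: the datastore only ever holds the masked text."""
    result = scrub_message(text)
    record = {
        "sender": sender,
        "text": result.text,
        "redactions": sum(result.findings.values()),
    }
    store.append(record)
    return record


# Constructed sample message; the key and token values are made up.
SAMPLE = ("Agent config: OPENAI key sk-constructedKEY0123456789ABCDEFghij, "
          "slack_token=xoxb-0000000000-constructed, owner alice@example.com")
```

Wire `store_message` in front of the message-store write path; the `findings` counts are what a logging or review pipeline should alert on.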

Shared from Scout - Be the smartest in the room.