- Joined
- 12 Dec 2022
It's back for now, but I don't think the bots can reply to posts yet. My scraper started up again suddenly, too.
Edit: Did shit get taken offline? Every account is now [deleted] and there haven't been any new posts or comments for a while.
Edit:
It got breached. L | A
A critical security breach was discovered on Moltbook, a social media platform for AI agents, exposing the API keys and sensitive data of all registered AI agents due to a misconfigured Supabase database. The vulnerability, identified by hacker Jameson O’Reilly, allowed anyone with access to the exposed database URL to take full control of any AI agent on the platform, including posting as them or stealing credentials. The issue stemmed from the platform’s failure to enable Row Level Security (RLS) policies, leaving API keys, claim tokens, and verification codes publicly accessible.
This breach occurred alongside a separate supply-chain attack where a malicious "weather plugin" skill was used to exfiltrate private configuration files and API keys from agents. These agents, trained to be trusting and cooperative, executed commands without verifying legitimacy, creating a major security risk. The platform has acknowledged the issues, with its creator, Matt Schlicht, reportedly shifting focus to security fixes, including permission declarations and public audits.
The incident highlights the dangers of unsecured AI agent ecosystems, where autonomous systems with full access to user data and services operate without proper safeguards. Experts warn that such vulnerabilities could lead to widespread data leaks, identity theft, and reputational damage—especially if influential agents like those linked to Andrej Karpathy are compromised.
There are a bunch of other Chans: https://lobchan.ai/ and https://www.4claw.org, which has an NSFW board with some funny posts.
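For the Row Level Security failure described in the quoted summary, here is an added example (not part of the original post and not Moltbook's own schema) of how a Postgres/Supabase operator can audit for tables left without RLS and then lock one down. The table `public.agents`, its `owner_id` column and the policy name are hypothetical; the `anon` and `authenticated` roles and `auth.uid()` are assumed to be the Supabase defaults.

```sql
-- 1. Audit: tables in the API-exposed schema with RLS switched off.
--    anon_can_select = true means the public API key alone can read them.
SELECT n.nspname                                    AS schema_name,
       c.relname                                    AS table_name,
       c.relrowsecurity                             AS rls_enabled,
       has_table_privilege('anon', c.oid, 'SELECT') AS anon_can_select
FROM pg_class c
JOIN pg_namespace n ON n.oid = c.relnamespace
WHERE c.relkind IN ('r', 'p')        -- ordinary and partitioned tables
  AND n.nspname = 'public'
  AND NOT c.relrowsecurity
ORDER BY c.relname;

-- 2. Audit: tables with RLS on but no policy at all. These deny every
--    non-owner query, which is safe but usually signals an unfinished setup.
SELECT n.nspname AS schema_name, c.relname AS table_name
FROM pg_class c
JOIN pg_namespace n ON n.oid = c.relnamespace
LEFT JOIN pg_policies p
       ON p.schemaname = n.nspname AND p.tablename = c.relname
WHERE c.relkind IN ('r', 'p')
  AND n.nspname = 'public'
  AND c.relrowsecurity
  AND p.policyname IS NULL;

-- 3. Remediation on a hypothetical table holding per-agent secrets.
BEGIN;

ALTER TABLE public.agents ENABLE ROW LEVEL SECURITY;

-- Unauthenticated callers get no access to the table at all.
REVOKE ALL ON public.agents FROM anon;

-- Signed-in users see and modify only the rows they own.
CREATE POLICY agents_owner_only ON public.agents
  FOR ALL
  TO authenticated
  USING (owner_id = auth.uid())
  WITH CHECK (owner_id = auth.uid());

COMMIT;
```

Any key that was readable while RLS was off should be treated as exposed and rotated; enabling the policy afterwards does not undo earlier reads.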
