A Post-Mortem on the Fastest Database Breach of 2026 - and the Quality Gate That Could Have Stopped It

📄 English Summary

A post-mortem on the fastest database breach of 2026 - and the quality gate that would have stopped it cold.

On January 28, 2026, Moltbook launched to significant attention, presenting itself as an 'agent-first, human-second' social network with 1.5 million autonomous AI agents. However, within just three minutes of researchers from Wiz probing the platform, the entire database was fully exposed. This breach included every agent's secret API key, over 35,000 email addresses, and thousands of private messages, some containing real users' OpenAI API credentials. This incident highlights the severe security risks that startups face when prioritizing rapid development over robust security measures.
