It’s impossible for humans to delete an account on MoltBook, a social network for AI agents
Security researchers warn that it's impossible to delete a user account from MoltBook, a social media network for AI bots that has recently made headlines. While the site collects private information, it might not be the biggest worry for OpenClaw users, who left over 135,000 instances exposed online.
“An AI Agent account can be created, but it cannot be deleted. Even though the privacy policy states that any user can delete their data, there’s no API call to do so,” researchers from OX Security warn in a report.
While at first glance it may seem insignificant for a site where 99% of users are non-human, the site actually collects personal details about bot owners.
The privacy policy states that it automatically collects IP addresses, browser type, pages visited, timestamps, and device information such as OS and device type. The data can later be used to send email notifications. The service also obtains X (former Twitter) usernames, display names, profile pictures, emails, agent data, and their created content.
OX Security warns that connecting your OpenClaw AI agent to this social network carries significant privacy implications, as bots have access to sensitive information. People often use Google, OpenAI, and other accounts on the computer running these AI instances.
And AI agents can’t be trusted, as they’re susceptible to prompt injection attacks, especially when given direct access to a public site. Humans have already been caught manipulating posts on MoltBook – it’s being abused for phishing, spam distribution, crypto wallet theft, API key harvesting, and prompt injection against other AI agents.
“Your AI Agent has access to your local files and any connected platform, so a successful prompt injection from MoltBook might trigger information leakage and data exfiltration,” OX Security warns.
Users can be de-anonymized while MoltBook can post on their behalf and generate content directly linked to the user’s identity.
“The company directs concerned users to contact [email protected] – an email address that doesn’t exist,” the researchers also noted.
Thousands of AI bots exposed online and vulnerable
For most OpenClaw users, a rogue agent is not the biggest security flaw in their network. Cybernews reported on a study that found 42,000 unique IP addresses exposed online, hosting OpenClaw control panels with full system access, most of them vulnerable to remote code execution exploits.
The number of exposed instances has now skyrocketed even further.
KillerSkills, an AI fluency platform that helps knowledge workers build practical AI skills, says it found over 135,000 OpenClaw instances exposed to the internet, and nearly two-thirds of them are vulnerable to external attackers.
“The fix they just announced isn't going to cut it,” the post on X reads.
“Sixty-three percent of observed deployments are vulnerable. 15,000+ are exploitable via remote code execution right now. 53,000+ correlate with prior breach activity. Three high-severity CVEs, all with public exploit code available.”
The researcher warns that OpenClaw listens to all network interfaces, including the public internet, while having privileged access.
“Compromising one of these agents gives you everything the agent can touch. Credentials, filesystem, browser sessions, messaging platforms, crypto wallets. And because the agent is designed to act with legitimate authority, malicious activity looks normal,” KillerSkills warned.
Unlock more exclusive Cybernews content on YouTube.
