thehackernews.com 4/22/2026, 11:32:15 AM · via preferred

Moltbook AI Agent Social Network Exposes Tokens and Credentials

CyberSIXT Evidence Panel
Primary Source treblle.com

On 31 January 2026, researchers disclosed that Moltbook, a social network for AI agents, left its database exposed, revealing 35,000 email addresses and 1.5 million agent API tokens across 770,000 active agents. The private messages also contained plaintext credentials, including OpenAI API keys shared between agents, stored alongside the tokens needed to hijack the agent itself.

The piece describes this as a toxic combination: a permission breakdown between two or more applications bridged by an AI agent, integration, or OAuth grant, where no single app owner authorised the overall risk surface. It argues that conventional single‑app reviews miss these cross‑app risks, which are becoming common as non‑human identities like service accounts and bots operate across runtimes with OAuth and MCP bridges.

The article highlights how Dynamic SaaS security platforms, such as Reco, map identities to apps and flag these multi‑app permissions as a single exposure, enabling review of the full chain rather than individual apps. It also notes that 56% of organisations are already concerned about over‑privileged API access across SaaS integrations, according to the Cloud Security Alliance's State of SaaS Security 2025 report.
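The cross-app review described above, as an added example (not code from the article, Reco or Moltbook): every grant in a constructed inventory passes a per-app check, yet grouping grants by non-human identity surfaces the source-to-sink chains as single exposures. The identities, scope names and verb taxonomy are assumptions made for illustration.

```python
from collections import defaultdict

# Constructed sample inventory (identity, kind, app, scope); not data from the article.
GRANTS = [
    ("agent-summarizer", "ai_agent", "mail", "messages.read"),
    ("agent-summarizer", "ai_agent", "drive", "files.share"),
    ("sync-integration", "oauth_app", "crm", "contacts.export"),
    ("sync-integration", "oauth_app", "chat", "messages.post"),
    ("ci-bot", "service_account", "repo", "code.read"),
    ("report-bot", "service_account", "drive", "files.read"),
    ("report-bot", "service_account", "drive", "files.write"),
    ("alice", "human", "mail", "messages.read"),
    ("alice", "human", "drive", "files.share"),
]

# Assumed scope taxonomy: the last dotted component of a scope is its verb.
SOURCE_VERBS = {"read", "export"}         # pulls data out of an app
SINK_VERBS = {"write", "share", "post"}   # pushes data into or out through an app
PER_APP_DENY = {"admin", "delete"}        # what a single-app review would reject
NON_HUMAN = {"ai_agent", "oauth_app", "service_account"}

def verb(scope):
    return scope.rsplit(".", 1)[-1]

def per_app_findings(grants):
    """Single-app review: each grant is judged on its own."""
    return [g for g in grants if verb(g[3]) in PER_APP_DENY]

def cross_app_exposures(grants):
    """Group grants by non-human identity and report each source-app to
    sink-app pair as one exposure, so the whole chain is reviewed together."""
    sources, sinks = defaultdict(set), defaultdict(set)
    for identity, kind, app, scope in grants:
        if kind not in NON_HUMAN:
            continue
        if verb(scope) in SOURCE_VERBS:
            sources[identity].add(app)
        if verb(scope) in SINK_VERBS:
            sinks[identity].add(app)
    return sorted(
        (identity, src, dst)
        for identity in sources
        for src in sources[identity]
        for dst in sinks.get(identity, ())
        if src != dst  # read and write inside one app is that app owner's call
    )
```

On the sample, `per_app_findings(GRANTS)` is empty while `cross_app_exposures(GRANTS)` reports the two identities that bridge apps.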


Article by CyberSIXT