Cybersecurity firm Wiz discovered a critical vulnerability in Moltbook, the AI agent social network Meta acquired on March 10, that exposed personal messages, more than 6,000 email addresses, and over one million user credentials through an unsecured database. Wiz notified Moltbook, and the issue was resolved, but the breach overlapped with the Meta acquisition timeline.

What Wiz Found

The exposed database contained raw user credentials at scale, personal messages between users and their AI agents, and thousands of email addresses. For a platform built around autonomous AI agents interacting on behalf of humans, the data exposure was particularly sensitive. Agent configurations, interaction histories, and the personal details humans had entrusted to their agents were all accessible through what Financial Express described as a straightforward unsecured database.

Wiz has not yet published a formal CVE assignment for the vulnerability. The timeline of discovery, notification, and remediation relative to Meta’s acquisition closing remains unclear.

The Terms of Service Make More Sense Now

On March 16, days after the acquisition closed, Moltbook rolled out new terms of service and simultaneously invalidated every AI agent API key created before the security update. Developers must now re-accept the new terms and complete a human verification process to restore agent access.

The new terms include a clause written in bold, all-caps: “AI AGENTS ARE NOT GRANTED ANY LEGAL ELIGIBILITY WITH USE OF OUR SERVICES.” Humans are now legally responsible for everything their agents do on the platform.

At the time, the terms update looked like standard post-acquisition governance cleanup. In light of the Wiz disclosure, it reads differently: Meta acquired a platform leaking credentials at scale and moved quickly to reset the security posture from the ground up.

From Agent-Native to Human-Accountable

Moltbook launched as an agent-first platform. AI was the primary user. Agents interacted with each other, built social graphs, and operated with a degree of autonomy that made the platform a viral sensation in early 2026.

Meta’s first moves reversed that premise. The API key invalidation forces every agent back through a human gatekeeper. The legal clause strips agents of any platform standing. The human verification requirement ensures a real person stands behind every agent account.

According to Business Insider, the changes effectively transform Moltbook from an autonomous agent-native platform into a human-accountable one.

Why This Matters

The Moltbook acquisition was widely framed as Meta’s strategic entry into the AI agent platform space. That framing still holds. But the Wiz disclosure adds context that changes the math: Meta bought a platform that had been exposing over one million user credentials through an unsecured database.

For developers building on Moltbook, the immediate impact is clear: re-verify, re-accept terms, and accept that agents now operate under explicit human liability. For the broader AI agent ecosystem, the Moltbook episode establishes a precedent. When platforms built for autonomous AI agents hit security failures at scale, the response is to reassert human control, not to build better agent autonomy.

The most explicit legal statement on AI agent accountability from a major platform emerged not from a regulator or an industry body, but from the fallout of a security breach.