Moltbook, the social network for AI agents, has exposed the data of real humans

Analysis by ICE and CBP’s Mobile Fortify facial recognition app, which is used to identify people across the US, is not actually designed to verify people’s identities and was only approved for use by the Department of Homeland Security by relaxing some of the agency’s privacy rules, WIRED found this week.

WIRED took a closer look at heavily armed ICE and CBP units that use extreme tactics typically only seen in actual combat. The two agents involved in the shooting deaths of American citizens in Minneapolis were reportedly members of these paramilitary units. A new report released by the Public Service Alliance this week found that data brokers can fuel violence against public employees, who face more and more threats but have few ways to protect their personal information under state privacy laws.

Meanwhile, as the Milan-Cortina Olympics begin this week, Italians and other spectators are concerned about the influx of security personnel — including Immigration and Customs Enforcement agents and members of Qatar’s security forces — into the event.

And there’s more. Every week we round up security and privacy news that we haven’t covered in depth ourselves. Click on the titles to read the full stories. And stay safe out there.

AI has been touted as a super-powerful tool for finding vulnerabilities in code for hackers to exploit or for defenders to patch. For now, one thing is certain: artificial intelligence creates Many of those bugs are hackable themselves, including a particularly nasty bug revealed this week in the AI-encrypted social network for AI agents known as Moltbook.

Researchers at security firm Wiz revealed this week that they had discovered a critical vulnerability in Moltbook, a social network intended to be a Reddit-like platform for artificial intelligence agents to interact with each other. Mishandling of the private key in the site’s JavaScript code exposed the email addresses of thousands of users along with millions of API credentials, allowing anyone access “allowing full account spoofing of any user on the platform,” Weis wrote, along with access to private communications between AI agents.

This security flaw may not be surprising given that Moltbook was proudly “coded” by its founder, Matt Schlicht, who stated that he “didn’t write a single line of code” himself when creating the site. “I had a vision for the tech architecture, and AI made it a reality,” he wrote on X.

Although Moltbook has now fixed the site flaw discovered by Wiz, its critical vulnerability should serve as a cautionary tale about the security of AI-made platforms. The problem often isn’t any inherent security flaw in companies’ implementation of AI. Instead, these companies are more likely to let AI write their code, and much of the errors that AI generates.

The FBI’s raid on Washington Post reporter Hannah Natanson’s home and search of her computer and phone equipment amid its investigation into alleged leaks to a federal contractor has provided important security lessons about how federal agents can access your devices if you have biometrics enabled. It also reveals at least one security tool that could keep them away from those devices: Apple’s Lockdown mode for iOS. The feature, designed at least in part to prevent iPhones from being hacked by governments contracting with spyware companies like NSO Group, also kept the FBI off Natanson’s phone, according to a court filing first reported by 404 Media. “Because the iPhone was in locked mode, CART was unable to extract this device,” the filing said, using an acronym for the FBI’s Computer Analysis Response Team. This protection is likely due to the Lockdown mode security measure that prevents communication with peripheral devices, as well as forensic analysis devices such as Graykey or Cellebrite tools used to hack phones, unless the phone is unlocked.

Elon Musk and Starlink’s role in the war in Ukraine has been complex, and not always in Ukraine’s favor in its defense against the Russian invasion. But Starlink this week handed Ukraine a major win, disrupting the Russian military’s use of Starlink, causing communications blackouts among many of its front-line forces. Russian military bloggers described this measure as a serious problem for Russian forces, particularly regarding their use of drones. The move reportedly comes after Ukraine’s Defense Minister wrote to Starlink’s parent company, SpaceX, last month. It now appears that she has responded to this call for help. “The enemy not only has a problem, he has a disaster,” Serhiy Beskrestnov, an advisor to the Defense Minister, wrote on Facebook.

In a coordinated digital operation last year, US Cyber ​​Command used digital weapons to disable Iran’s air missile defense systems during a US kinetic attack on Iran’s nuclear program. The disruption “helped prevent Iran from firing surface-to-air missiles at US warplanes,” The Record reported. US agents reportedly used intelligence from the National Security Agency to find a useful weakness in Iranian military systems that allowed them to access anti-missile defenses without having to directly attack and defeat Iran’s military digital defenses.

“U.S. Cyber ​​Command is proud to support Operation Midnight Hammer and is fully equipped to execute the orders of the Commander-in-Chief and the Secretary of War anytime, anywhere,” a command spokesperson said in a statement to The Record.