The Hidden Layer Every AI Developer Must Learn

Late January 2026. A developer ships a social network over a weekend. No traditional code written — just prompts, a vision, and an AI that turned ideas into a working product in days. The platform goes viral. Andrej Karpathy, OpenAI co-founder, calls it "the most incredible sci-fi takeoff-adjacent thing I have seen recently."

Then a security researcher opens the browser's developer tools.

Within minutes, they find an API key sitting in plain JavaScript — visible to anyone who knows how to press F12. They use it to query the production database. No login required. No special tools. Just a simple command and a coffee.

What comes back: 1.5 million API authentication tokens. 35,000 email addresses. Thousands of private messages. The entire platform — every agent, every credential, every conversation — sitting wide open.

The platform was called Moltbook. The fix, when it came, took two SQL statements.

The Hidden Layer Every AI Developer Must Learn

Other newsrooms on this story

Related reading

Beyond the Hype: How Google I/O 2026 Secretly Democratized Production-Ready AI…

Other newsrooms on this story

Related reading

Beyond the Hype: How Google I/O 2026 Secretly Democratized Production-Ready AI…

AI Is Changing Engineering Culture More Than We Realize

WIRED Roundup: The New Fake World of OpenAI’s Social Video App

LaunchDarkly launches runtime control layer for the agentic AI era -…

The Missing Layer in Google I/O 2026: Agent-Ready Websites

Chasing Tokens: The Developer Grind Nobody Warned You About