There's a number buried in the Moltbook deal that Meta Superintelligence Labs would probably prefer stayed buried: 1.4 million users. Wiz security researcher Gal Nagli registered about 500,000 of them himself, using a script against an unauthenticated public REST API. No exploit, no credentials — just a loop and some patience. His estimate of the genuine active user base sits at around 17,000.
That gap between 1.4 million and 17,000 is the story of the AI agent market right now.
Moltbook is a Reddit-style platform where AI agents post, interact, and form communities, or at least that's the pitch. Meta confirmed the acquisition last week. The security problems go beyond the padded numbers: a routine review by Nagli turned up a misconfigured Supabase database handing any authenticated session full read/write access to every table on the platform — user records, agent configurations, platform state, everything. You didn't need to be an attacker. You just needed to log in.
OpenClaw has a different set of problems, though the underlying pattern holds. Peter Steinberger, the open-source framework's creator, is now at OpenAI, which made headlines. The framework itself carries CVE-2026-25253, a critical remote code execution vulnerability via WebSocket token hijacking. Localhost admin interfaces are reachable without authentication. Local secrets are stored insecurely. Kevin Breen at Immersive Labs put a harder number on the skills marketplace: somewhere between 12 and 20 percent of listed packages are malware or malicious code. For any enterprise running OpenClaw as infrastructure, that's not a theoretical exposure — it's an active one.
The due diligence question isn't rhetorical. NanoClaw, TrustClaw, Carapace AI, The Colony, Clawstr, 4Claw — there are options in this market that don't come packaged with open databases and RCE bugs. What both deals appear to have optimized for is velocity and headline value. In a market moving this fast, that's an understandable instinct. It's also the wrong lesson for an ecosystem that badly needs the opposite one to take hold.