Toxic Combinations: When Cross-App Permissions Stack into Risk
Summary
On January 31, 2026, researchers found that Moltbook, a social network for AI agents, exposed 35,000 email addresses and 1.5 million agent API tokens because its database was unencrypted; the exposed data included plaintext third-party credentials such as OpenAI API keys. The core risk is a "toxic combination": an AI agent or integration bridges two or more applications through OAuth grants (permission frameworks that allow apps to access each other) or API connections, and each application owner reviews only their own side, so nobody reviews the security risk created by the bridge itself.
Solution / Mitigation
The source suggests shifting review processes from inside each app to between them, and recommends four specific areas:
1. Maintain a non-human identity inventory that treats every AI agent, bot, MCP server (modular tools that extend AI capabilities) and OAuth integration the same as a user account, with an owner and a review date.
2. Flag new write scopes (permissions to modify data) requested for identities that already hold read scopes (permissions to view data) in a different app, before approval.
3. Create a review trail for every connector linking two systems that names both sides and the trust relationship between them.
4. Monitor long-lived tokens whose activity has drifted from their original scopes.
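The second and fourth recommendations can be turned into a mechanical check over the identity inventory. This is an added example, not code from the article or from Moltbook; the inventory layout, the app names and the scope names are assumptions made for illustration.

```python
"""Toxic-combination and scope-drift checks over a non-human identity inventory.
Added example, not code from the article or from Moltbook; the inventory layout,
app names and scope names are assumptions made for illustration."""
from dataclasses import dataclass, field

# Scope prefixes treated as data-modifying ("write") rather than view-only ("read").
WRITE_PREFIXES = ("write:", "send:", "delete:", "admin:")

@dataclass
class Identity:
    name: str                   # AI agent, bot, MCP server or OAuth integration
    owner: str                  # accountable human, as for a user account
    review_date: str            # last access review, ISO date
    scopes: dict = field(default_factory=dict)   # app -> set of scopes granted at review

def is_write(scope: str) -> bool:
    return scope.startswith(WRITE_PREFIXES)

def toxic_combination(identity: Identity, app: str, new_scope: str) -> list:
    """Apps whose existing read access would be bridged to the requested write
    scope in `app`; an empty list means the request creates no cross-app bridge."""
    if not is_write(new_scope):
        return []
    return sorted(other for other, held in identity.scopes.items()
                  if other != app and any(not is_write(s) for s in held))

def scope_drift(identity: Identity, app: str, used: set) -> dict:
    """Compare a long-lived token's observed activity with the grant recorded at
    its last review: 'drift' = exercised but never reviewed, 'idle' = granted but unused."""
    granted = identity.scopes.get(app, set())
    return {"drift": sorted(used - granted), "idle": sorted(granted - used)}

# Constructed sample: an agent that already reads CRM data and mail now asks to
# send mail; sending from an app that can see CRM records is the bridge.
AGENT = Identity(
    name="support-agent", owner="alice@example.com", review_date="2026-04-01",
    scopes={"crm": {"read:contacts", "read:tickets"}, "mail": {"read:inbox"}},
)

def review_request() -> list:
    return toxic_combination(AGENT, "mail", "send:mail")   # returns ['crm']

def review_activity() -> dict:
    # Constructed activity: the token wrote contacts (never reviewed) and never
    # read tickets, so the grant should shrink and the write needs a review trail.
    return scope_drift(AGENT, "crm", {"read:contacts", "write:contacts"})
```

A request that only adds another read scope, or a write scope on an identity with no read access elsewhere, returns an empty list and can follow the normal single-app approval path.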
Original source: https://thehackernews.com/2026/04/toxic-combinations-when-cross-app.html
First tracked: April 22, 2026 at 08:00 AM
Classified by LLM (prompt v3) · confidence: 92%