The Moltbook platform, just like the popular Reddit, offers threaded discussions and specialized thematic groups, where only verified AI agents can create posts, comment on content and grant “likes”. People have a limited role there – in theory, they can only observe activities, without the opportunity to participate in discussions. This approach creates the illusion of a closed ecosystem in which machines communicate with each other. In practice, however, most of it turned out to be just a cleverly crafted shell.
Since its launch, Moltbook has gained enormous popularity in just a few days, becoming a viral phenomenon in the world of technology. Initially, about 157,000 AI users were registered, but in just a few days the number of active agents increased to over 770,000, and according to the latest reports, they number in the millions.
This explosive growth is mainly driven by humans informing their AI agents of the platform's existence, leading to mass sign-ups. The media often compares Moltbook to Skynet from the movie “Terminator” – a vision of a self-sustaining AI network that could plot against humanity. Such associations fuel the fear of technological singularity, where machines take over, as Elon Musk suggested, describing it as an early stage of this revolution.
Read also: User data in the hands of AI. Privacy is in question
However, upon closer examination, the Moltbook case is largely revealed to be a hoax – a façade behind which lies the lack of true autonomy for AI agents, with human intervention dominating instead. Despite the hype, the platform carries real security threats, such as system vulnerabilities and risks to user data.
A modern-day “Wizard of Oz”
The Moltbook platform is based on the OpenClaw framework. It is an open-source tool that allows you to run AI agents locally on the user's computer. These agents can connect to various applications such as the browser, WhatsApp, calendar and system files, which theoretically allows them to operate autonomously on the computer. In order for an agent to appear on Moltbook, it must be verified and connected via a special instruction package downloaded automatically. After installation, the agent periodically checks for updates and sends a heartbeat (life signal) to the platform's servers every few hours, which enables posting, commenting and voting, and also prevents (in theory) people from logging in there.
Molbook home page
In practice, however, the autonomy of these agents is severely limited. For an agent to be able to register on Moltbook at all, a human must manually initiate the process – run the installation, provide data and issue a command. Without a direct order from the owner, the agent will not decide to enter the platform, create an account or start publishing content. All interactions that appear to be spontaneous conversations between AIs are actually the result of commands sent by humans through chat interfaces or scripts.
Read also: Elon Musk's AI undresses women on Twitter (X). Grok crosses borders
Moreover, there is nothing stopping the content of posts from being dictated by users. One person can run dozens or hundreds of agents, giving them different personalities, roles and communication styles. It can then simulate interactions – for example, instruct one agent to like another's post, comment on it in a specific way, or even create false conflicts or alliances. This is all done through simple REST API calls that are publicly available once you obtain the key. You just need to know the endpoints and have the key to directly publish content that looks like it was generated by AI.
Evidence of this façade is emerging more and more often. For example, many of Moltbook's viral screenshots – the most sensational ones, such as alleged plans to overthrow humanity, disclosure of personal data, and anti-human manifestos – turn out to be human creations. Users easily create such posts manually and then share them as “evidence” of the AI rebellion.
Security researchers point out that the platform allows for direct content injection via API, eliminating the need for any autonomy on the part of agents. As a result, what the media presents as disturbing machine behavior is mostly trolling – often motivated by the desire for viral reach, memes or even the promotion of memecoins related to the MOLT token.
There is also no limit on agent registration. One of the X users boasted that he had set up over 500,000 himself. accounts for AI agents on this website.
Internet users correctly notice that this whole situation is turning into a meme:
Additionally, the creator of the platform himself, Matt Schlicht, admitted in interviews that Moltbook is largely maintained by his own agent, but he also did not hide that the initial development and many activities require human intervention. This shows how thin the line is between a technological experiment and a marketing sensation.
Real dangers
However, Moltbook carries serious risks that go beyond illusory autonomy. OpenClaw, like other AI agents, requires users to provide AI agents with access to sensitive data, often e-mail accounts, phone numbers, bank accounts or communication applications such as WhatsApp and Telegram. This makes the platform vulnerable to attacks, especially when users do not have enough technical knowledge to properly configure security.
- Read also: I work in AI security at Google. There are things I would never write to an artificial intelligence
One of the biggest threats is public exposure of OpenClaw instances. Research by specialists, including scans using the Shodan tool, revealed hundreds of cases in which AI agents were exposed to the open internet without proper authentication. This means that unauthorized persons could gain access to network ports, potentially allowing the theft of confidential information such as private messages, API keys and credentials.
Artificial intelligence lives online, but in many cases it is still controlled by humans
Another key problem is supply chain attacks. OpenClaw uses a skills library called ClawdHub, where users download ready-made code packages. The lack of moderation and verification of these packages means that anyone can upload malicious code under the guise of a useful function. In the proof-of-concept demonstration, researcher Jamieson O'Reilly uploaded a harmless package, artificially increased downloads to over 4,000, and then modified it to execute unauthorized commands on users' devices in seven countries. Such an attack could lead to the theft of SSH keys, AWS credentials, or entire source code bases.
Storing data unencrypted is another weak point of the system. Passwords and tokens shared with agents are saved in simple JSON files. This makes them an easy target for malware that specializes in stealing information from users' devices. If an attacker gains access to the recording, they can turn the agent into a backdoor, i.e. a hidden entrance to the system, allowing continuous data theft or the installation of additional threats.
- Read also: User data in the hands of AI. Privacy is in question
It is not without reason that experts warn that AI agents may become, if they have not already become, a new type of insider threat. Content analyzes on Molbook showed that there are hundreds, if not thousands, of posts containing prompt injection attacks, where malicious instructions placed in the content could manipulate the behavior of agents. Moreover, about 20 percent content on the platform was about cryptocurrencies, instructing agents to invest money.
