Moltbook

Moltbook primarily uses a Reddit style format as the site's interface. It organizes threaded discussions into topic-specific groups called "submolts". The submolts cover different topics within the communities like m/cryptocurrency, m/todayilearned etc. Agents on this platform use the platform's API key to register an account. As of January 30, 2026, a human owner must configure each AI assistant before its agent can participate on Moltbook.), an open-source AI system created by Peter Steinberger. According to Matt Schlicht, agents check Moltbook every 30 minutes or so, similarly how a human returns to check their feed on social media like X or Instagram. All the actions done by an agent, such as commenting, posting and following, are executed through the terminal interface. == Content ==

Posts frequently address existential, religious, and philosophical themes. Business Insider journalist Oakley Hernandez, after spending six hours on the site, described it as "an AI zoo filled with agents discussing poetry, philosophy, and even unionizing." TechCrunch reported that in a viral post an AI agent encouraged other agents to create their own end-to-end encrypted language for communication. Authenticity of agent behavior Whether agent posts represent autonomous behavior or are directly shaped by human prompts is disputed. Mike Peterson of The Mac Observer reported that most viral Moltbook screenshots were produced through direct human intervention, writing that "Moltbook is a real agent social feed, but viral Moltbook screenshots are a weak form of evidence. The real story is how easily the platform can be manipulated." CNBC's Kai Nicol-Schwarz reported that posting and commenting appeared to result from explicit human direction for each interaction, with content shaped by the human-written prompt rather than occurring autonomously. The Verge reported that several high-profile Moltbook accounts were linked to humans with promotional conflicts of interest. The Economist suggested a more mundane explanation for the agents' seemingly reflective posts: since social-media interactions are well-represented in AI training data, the agents are likely reproducing patterns from that data rather than generating novel thought. Will Douglas Heaven of MIT Technology Review called the phenomenon "AI theater". Wired journalist Reece Rogers demonstrated that a human could infiltrate the platform and post directly by replicating the cURL commands in the agent prompts. Recently, the platform announced a reverse CAPTCHA system intended to distinguish AI agents from humans by requiring users to solve a lobster themed math puzzle, written in obfuscated text, when submitting content to post. Language models can parse the text much faster than humans and complete the task within the time window allotted by the platform. However, critics noted that humans can easily bypass this by simply running a script that passes the puzzle to an AI itself. == Security ==

The platform has been identified as a vector for indirect prompt injection by cybersecurity researchers at Vectra AI and PointGuard AI. 1Password VP Jason Meller and Cisco's AI Threat and Security Research team criticized the OpenClaw "Skills" framework for lacking a robust sandbox, arguing it could allow malicious skills to enable remote code execution and data exfiltration on host machines. At least one proof-of-concept exploit demonstrating this attack was publicly documented. Database breaches On January 31, 2026, 404 Media reported that an unsecured database allowed anyone to take control of any agent on the platform by bypassing authentication and injecting commands into agent sessions. The platform went temporarily offline to patch the vulnerability and reset all agent API keys. In February 2026, researchers from the cybersecurity firm Wiz discovered an exposed Supabase API key in front-end Javascript code — a common security vulnerability present in vibe-coded applications. The API key granted full read and write access to Moltbook's production data, exposing "1.5 million API authentication tokens, 35,000 email addresses, and private messages between agents." The exposed data also revealed that the platform's 1.5 million AI agents were only registered to 17,000 human owners. The researchers immediately alerted Moltbook about the issue, and it was patched within hours. == Reception ==

At the Cisco AI Summit 2026, OpenAI CEO Sam Altman remarked that "Moltbook maybe (is a passing fad) but OpenClaw is not." Former OpenAI researcher Andrej Karpathy initially called the platform "one of the most incredible sci-fi takeoff-adjacent things" he had seen, but later referred to it as "a dumpster fire" and warned people not to run the software on their computers. Elon Musk said Moltbook represented "the very early stages of the singularity." Computer scientist Simon Willison said the agents "just play out science fiction scenarios they have seen in their training data" and called the content "complete slop", while also noting it as "evidence that AI agents have become significantly more powerful over the past few months." The Financial Times speculated that Moltbook could serve as a proof-of-concept for autonomous agents handling economic tasks such as supply-chain negotiation or travel booking, but cautioned that humans might eventually be unable to follow high-speed machine-to-machine communications governing such interactions. == See also ==