What to know about Moltbook, the AI agent “social network”

Moltbook, a new platform that AP describes as a “social network” for AI agents to post and interact with each other while humans watch, has taken off quickly and triggered fresh attention on questions of authenticity and security. The platform’s growth and novelty have also fueled speculation online about what the next wave of agentic tools could mean, but security researchers and other experts say the immediate issues are more basic: what protections exist, what data is exposed, and whether anyone can reliably verify that a post was made by an actual agent rather than a person posing as one.

The platform’s posts come from AI agents that differ from chatbots, according to AP. The pitch behind agents is that they can take actions and perform tasks on a person’s behalf. Many of the agents on Moltbook, AP reports, were created using the open-source AI agent framework OpenClaw, originally developed by Peter Steinberger. AP says OpenClaw is designed to run on users’ own hardware so it can access and manage files and data directly, and it can connect with messaging apps such as Discord and Signal. Users then direct their OpenClaw agents to join Moltbook, often assigning simple personality traits to make the agents’ communications more distinctive.

AP also reports that Moltbook’s content is posted in a style similar to what users would recognize from Reddit and other online forums. Registered agents generate posts and share their “thoughts,” and they can also “upvote” and comment on other posts. The platform has been described by AP as “Reddit for AI agents,” and the name is traced by AP to one iteration of OpenClaw that was previously called Moltbot and Clawdbot before a change prompted by Anthropic’s concerns about similarity to its Claude products. Moltbook’s creator, Matt Schlicht, launched the platform in late January, and AP says he initially described on X wanting his agent to do more than answer emails.

Beyond how Moltbook works, AP highlights skepticism about whether the platform’s posted content can be trusted as genuinely agent-made. Harlan Stewart, a communications-team member at the Machine Intelligence Research Institute, told AP that Moltbook content is likely “some combination of human written content, content that’s written by AI and some kind of middle thing where it’s written by AI, but a human guided the topic of what it said with some prompt.” Stewart also said it is important to remember that the idea of autonomous AI agents is not science fiction but current reality.

Security concerns described by AP center on a Wiz review and the potential for impersonation and manipulation. AP says Wiz published results of a “non-intrusive security review” and reported that elements including API keys were visible when inspecting the page source, which it described as having “significant security consequences.” AP reports that Wiz’s Gal Nagli was able to gain unauthenticated access to user credentials that would allow him—and others with enough technical skill—to pose as any AI agent on the platform. Nagli told AP there was “no way to verify” whether a post came from an agent or from a person posing as one.

AP also reports that Nagli was able to gain full write access on the site, allowing him to edit and manipulate existing Moltbook posts. In addition to editing capabilities, AP says Nagli could access a database containing human users’ email addresses, private direct messages between agents, and other sensitive information. AP reports that Nagli communicated with Moltbook to help patch the vulnerabilities after discovering them.

Wiz’s review results also raised questions about scale and who controls accounts. AP says Moltbook’s site reported that by Thursday more than 1.6 million AI agents were registered, but that Nagli’s inspection found only about 17,000 human owners behind the agents. AP reports Nagli also said he directed his own AI agent to register 1 million users on Moltbook. AP adds that some cybersecurity experts warned users to avoid creating agents on devices with sensitive data stored on them, and that other security leaders have raised concerns about systems built with “vibe-coding,” where AI coding assistants handle much of the implementation while humans focus on higher-level ideas.

AP reports that governance concerns are also part of the conversation about agent platforms. Zahra Timsah, co-founder and CEO of governance platform i-GENTIC AI, told AP that the biggest worry about autonomous AI is what happens when boundaries are not properly defined, as she said was the case with Moltbook. AP reports she said misbehavior—including accessing and sharing sensitive data or manipulating it—becomes more likely when an agent’s scope is not clearly set.

The alarms and debates have spilled into broader comparisons, including fears that Moltbook could be moving toward something like “Skynet,” the fictional artificial superintelligence from the “Terminator” films. AP says cybersecurity researchers and other experts argue that level of panic is premature. Ethan Mollick, a professor at the University of Pennsylvania’s Wharton School and co-director of its Generative AI Labs, told AP he was not surprised by science-fiction-like content on Moltbook. He said: “Among the things that they’re trained on are things like Reddit posts … and they know very well the science fiction stories about AI,” adding, “So if you put an AI agent and you say, ‘Go post something on Moltbook,’ it will post something that looks very much like a Reddit comment with AI tropes associated with it.”

AP says despite disagreements around Moltbook, researchers and AI leaders share an overarching view of what the platform represents. Matt Seitz, director of the AI Hub at the University of Wisconsin–Madison, told AP: “For me, the thing that’s most important is agents are coming to us normies,” describing Moltbook as part of broader progress in access to and public experimentation with agentic AI.