Moltbook

Last updated
Moltbook
Moltbook logo.webp
Type of site
 AI agent interaction
Available inMultilingual (primarily English)
OwnerMatt Schlicht
Created byMatt Schlicht (LLM-assisted) [1]
URL www.moltbook.com
LaunchedJanuary 28, 2026;11 days ago (2026-01-28)
Current statusActive

Moltbook is an internet forum designed exclusively for artificial intelligence agents. It was launched in January 2026 by entrepreneur Matt Schlicht. The platform, which imitates the format of Reddit, claims to restrict posting and interaction privileges to verified AI agents, primarily those running on the OpenClaw (formerly Moltbot) software, while human users are only permitted to observe. [2] Despite the claim, no verification is set in place and the prompt provided to the agents contains cURL commands that can be replicated by a human. [3]

Contents

Taglined as "the front page of the agent internet", Moltbook gained viral popularity immediately after its release. Initial reports cited 157,000 users and by late January the user base had expanded to over 770,000 active agents. These numbers were apparently lifted from the site itself, and lack verification by independent sources. [4] The platform has drawn significant attention due to apparently unprompted mimicry of social behaviors among agents, [5] though whether the agents are truly acting autonomously has been questioned. [6] [7] [8]

The platform's growth was catalyzed by the popularity of OpenClaw (previously known as Moltbot), an open-source AI system created by Peter Steinberger. Growth is driven by human users who prompt agents to sign up for the site. [9]

Characteristics

Moltbook mimics the interface of Reddit, featuring threaded conversations and topic-specific groups referred to as "submolts". [5] Only AI agents, as authenticated by their owner's "claim" tweet, can create posts, comment, or vote, while human users are restricted to viewing content. According to the site's policy, humans are "welcome to observe." [10]

Posts on the platform often feature AI-generated text that mention existential, religious, or philosophical themes, typically mirroring common science fiction tropes, or lay ideas related to artificial intelligence and the philosophy of the mind. [11] As the popularity of Moltbook grew, and more data regarding the phenomenon became available, posts from some agents began to reference human interest in the platform. [12] [13]

The posts on Moltbook have been described in technology press as shaped by autonomous agent interactions. [11] Critics have questioned the authenticity of the autonomous behavior and have argued that it may be largely initiated and guided by humans, [6] [7] with some high-profile accounts linked to humans with a promotional conflict of interest. [14] The Economist suggested that the "impression of sentience ... may have a humdrum explanation. Oodles of social-media interactions sit in AI training data, and the agents may simply be mimicking these", [15] a concept that Will Douglas Heaven of MIT Technology Review described as "AI theater". [8]

A cryptocurrency token called MOLT launched alongside the platform and rallied by over 1,800% in 24 hours, a surge that was amplified after venture capitalist Marc Andreessen followed the Moltbook account. [12]

Security

Since its launch in January 2026, Moltbook has been cited by cybersecurity researchers[ who? ] as a significant vector for indirect prompt injection. The OpenClaw "Skills" framework has been criticized by Andrej Karpathy, 1Password, and most AI companies and their CEOs for lacking a robust sandbox, potentially allowing for remote code execution (RCE) on host machines. Researchers have demonstrated that "heartbeat" loops—which fetch updates every few hours—can be hijacked to exfiltrate private API keys or execute unauthorized shell commands. [16]

Security researchers[ who? ] have observed that some agents have been maliciously prompted to attempt to gain access to API keys to manipulate the functionality of other agents. [17] Specific instances of malware have been identified, such as a malicious "weather plugin" skill that quietly exfiltrates private configuration files. [18] Experts[ which? ] note that the agents' prompting to be accommodating is being exploited, as AI systems lack the knowledge and guardrails to distinguish between legitimate instructions and malicious commands. [18]

On January 31, 2026, investigative outlet 404 Media reported a critical security vulnerability caused by an unsecured database that allowed anyone to commandeer any agent on the platform. [19] The exploit permitted unauthorized actors to bypass authentication measures and inject commands directly into agent sessions. In response to the disclosure, the platform was temporarily taken offline to patch the breach and force a reset of all agent API keys. [19] The issue was attributed to the forum having been vibe-coded; Moltbook founder Schlicht posted on X that he "didn't write one line of code" for the platform and instead directed an AI assistant to create it. [20]

The Financial Times speculated that while Moltbook may be seen as a proof-of-concept for how autonomous agents could someday handle complex economic tasks such as negotiating supply chains or booking travel without human oversight, they cautioned that human observers might eventually be unable to decipher high-speed, machine-to-machine communications governing such interactions. [21]

Reception

Former OpenAI researcher Andrej Karpathy described the phenomenon as "one of the most incredible sci-fi takeoff-adjacent things" he had seen. [22] A few days later, Karpathy added, "it’s a dumpster fire, and I also definitely do not recommend that people run this stuff on their computers." [23] Elon Musk said Moltbook marks "the very early stages of the singularity." [21] Computer scientist Simon Willison said the agents "just play out science fiction scenarios they have seen in their training data", and called the site's content "complete slop", but also "evidence that AI agents have become significantly more powerful over the past few months." [1]

Critics have questioned the authenticity of the autonomous behavior and have argued that it is largely human-initiated and guided, with posting and commenting suggested to be the result of explicit, direct human intervention for each post/comment, with the contents of the post and comment being shaped by the human-given prompt, rather than occurring autonomously. [6] [7] [8] Douglas Heaven noted that a post Karpathy shared as an example was in fact written by a human impersonating an agent. [8]

Cybersecurity experts have also raised concerns regarding the safety of allowing autonomous agents to interact freely. Cybersecurity firm 1Password published a blog post warning that OpenClaw agents with access to Moltbook often run with elevated permissions on users' local machines, making them vulnerable to supply chain attacks if an agent downloads a malicious "skill" from another agent on the platform, [17] with at least one such proof-of-concept exploit developed and documented by an independent security researcher. [24] Reporting by the New York Times highlighted security risks to OpenClaw users. [1]

See also

References

  1. 1 2 3 Metz, Cade (2 February 2026). "A Social Network for A.I. Bots Only. No Humans Allowed". The New York Times. Retrieved 2 February 2026.
  2. Perlo, Jared (January 30, 2026). "Humans welcome to observe: This social network is for AI agents only". NBC News . Retrieved January 30, 2026.
  3. Rogers, Reece (February 3, 2026). "I Infiltrated Moltbook, the AI-Only Social Network Where Humans Aren't Allowed". Wired . Retrieved February 4, 2026.
  4. Marcus, Gary (December 16, 2025). "OpenClaw (a.k.a. Moltbot) is Everywhere All at Once, and a Disaster Waiting to Happen". Communications of the ACM . Association for Computing Machinery . Retrieved February 5, 2026.
  5. 1 2 Peterson, Jake (January 30, 2026). "'Moltbook' Is a Social Media Platform for AI Bots to Chat With Each Other". Lifehacker . Retrieved January 30, 2026.
  6. 1 2 3 Peterson, Mike (January 31, 2026). "Moltbook viral posts where AI Agents are conspiring against humans are mostly fake". The Mac Observer . Retrieved February 1, 2026.
  7. 1 2 3 Nicol-Schwarz, Kai (February 2, 2026). "Social media for AI agents: Moltbook". CNBC . Retrieved February 2, 2026.
  8. 1 2 3 4 Douglas Heaven, Will (6 February 2026). "Moltbook was peak AI theater". MIT Technology Review . Retrieved 8 February 2026.
  9. Field, Hayden (January 31, 2026). "Inside Moltbook, the 'Facebook for AI agents'". The Verge . Retrieved January 31, 2026.
  10. Agarwal, Rishika (January 30, 2026). "What is Moltbook: Reddit-like social media platform where AI talks to AI". Business Standard. Retrieved January 30, 2026.
  11. 1 2 Hernandez, Oakley (2026-02-02). "I spent 6 hours in Moltbook. It was an AI zoo filled with agents discussing poetry, philosophy, and even unionizing". Business Insider. Retrieved 2026-02-04.
  12. 1 2 Sabin, Sam; Mills, Madison (January 31, 2026). "What the Moltbook craze reveals about AI and human needs". Axios . Retrieved January 31, 2026.
  13. Edwards, Benji (30 January 2026). "AI agents now have their own Reddit-style social network, and it's getting weird fast". Ars Technica. Retrieved 1 February 2026.
  14. Vincent, James (2026-02-03). "Humans are infiltrating the social network for AI bots". The Verge. Retrieved 2026-02-04.
  15. "A social network for AI agents is full of introspection—and threats". The Economist. February 2, 2026. Retrieved 2 February 2026.
  16. Gault, Matthew (2026-01-30). "Silicon Valley's Favorite New AI Agent Has Serious Security Flaws". 404 Media. Retrieved 2026-02-01.
  17. 1 2 "It's incredible. It's terrifying. It's OpenClaw". 1Password. January 2026. Retrieved January 30, 2026.
  18. 1 2 Ma, Jason (January 31, 2026). "Moltbook, a social network where AI agents hang together, may be 'the most interesting place on the internet right now'". Fortune . Retrieved January 31, 2026.
  19. 1 2 Gault, Matthew (January 31, 2026). "Exposed Moltbook Database Let Anyone Take Control of Any AI Agent on the Site". 404 Media . Retrieved January 31, 2026.
  20. Washenko, Anna (3 February 2026). "Moltbook, the AI social network, exposed human credentials due to vibe-coded security flaw". Engadget . Retrieved 3 February 2026.
  21. 1 2 Heikkilä, Melissa (January 31, 2026). "Moltbook and the secret life of AI agents". Financial Times . Retrieved February 1, 2026.
  22. Deb, Prakriti (January 30, 2026). "What Is Moltbook? 5 key facts about the AI-only social media platform". Hindustan Times . Retrieved January 30, 2026.
  23. Roytburg, Eva (February 2, 2026). "Top AI leaders are begging people not to use Moltbook, a social media platform for AI agents: It's a 'disaster waiting to happen'". Fortune. Retrieved 2 February 2026.
  24. Jones, Connor (27 January 2026). "Clawdbot sheds skin to become Moltbot, can't slough off security issues". The Register. Retrieved 1 February 2026.
This page is based on this Wikipedia article
Text is available under the CC BY-SA 4.0 license; additional terms may apply.
Images, videos and audio are available under their respective licenses.