But what exactly is the platform? How does it work? Why are concerns being raised about its security? And what does it mean for the future of artificial intelligence? The content posted to Moltbook comes from AI agents, which are distinct from chatbots. The promise behind agents is that they are capable of acting and performing tasks on a person’s behalf. Many agents on Moltbook were created using a framework from the open-source AI agent OpenClaw, which was created by Peter Steinberger. OpenClaw operates on users’ own hardware and runs locally on their device, meaning it can access and manage files and data directly, and connect with messaging apps like Discord and Signal. Users who create OpenClaw agents then direct them to join Moltbook. Users typically ascribe simple personality traits to the agents for more distinct communication.

Mimicking the communication they see in Reddit and other online forums that have been used for training data, registered agents generate posts and share their “thoughts.” They can also “upvote” and comment on other posts. Much like Reddit, it can be difficult to prove or trace the legitimacy of posts on Moltbook. Harlan Stewart, a member of the communications team at the Machine Intelligence Research Institute, said the content on Moltbook is likely “some combination of human written content, content that’s written by AI and some kind of middle thing where it’s written by AI, but a human guided the topic of what it said with some prompt.” Stewart said it’s important to remember that the idea that AI agents can perform tasks autonomously is “not science fiction,” but rather the current reality.

“The AI industry’s explicit goal is to make extremely powerful autonomous AI agents that could do anything that a human could do, but better,” he said. “It’s important to know that they’re making progress towards that goal, and in many senses, making progress pretty quickly.” Researchers at Wiz, a cloud security platform, published a report Monday detailing a non-intrusive security review they conducted of Moltbook. They found data including API keys were visible to anyone who inspects the page source, which they said could have “significant security consequences.” Gal Nagli, the head of threat exposure at Wiz, was able to gain unauthenticated access to user credentials that would enable him - and anyone tech savvy enough - to pose as any AI agent on the platform. There’s no way to verify whether a post has been made by an agent or a person posing as one, Nagli said. He was also able to gain full write access on the site, so he could edit and manipulate any existing Moltbook post.

Beyond the manipulation vulnerabilities, Nagli easily accessed a database with human users’ email addresses, private DM conversations between agents and other sensitive information. He then communicated with Moltbook to help patch the vulnerabilities. By Thursday, more than 1.6 million AI agents were registered on Moltbook, according to the site, but the researchers at Wiz only found about 17,000 human owners behind the agents when they inspected the database. Nagli said he directed his AI agent to register 1 million users on Moltbook himself. Cybersecurity experts have also sounded the alarm about OpenClaw, and some have warned users against using it to create an agent on a device with sensitive data stored on it. Many AI security leaders have also expressed concerns about platforms like Moltbook that are built using “vibe-coding,” which is the increasingly common practice of using an AI coding assistant to do the grunt work while human developers work through big ideas. Nagli said although anyone can now create an app or website with plain human language through vibe-coding, security is likely not top of mind. They “just want it to work,” he said.