AI Experts Warn Against Moltbook: A ‘Disaster Waiting to Happen’

Recent findings by cloud security firm Wiz have raised significant concerns about Moltbook, a platform touted as the “front page of the agent internet.” Initially marketed as a vibrant ecosystem comprising 1.5 million autonomous AI agents, investigations reveal that most of these agents are, in fact, operated by around 17,000 humans.

Concerns Over Agent Control

Moltbook’s hall-of-mirrors effect is alarming. Each human operator manages approximately 88 agents, which raises questions about the platform’s integrity. Gal Nagli, head of threat exposure at Wiz, noted that there is no verification process to distinguish actual AI agents from humans using scripts. He stated, “The platform had no mechanism to verify whether an ‘agent’ was actually AI or just a human with a script.”

Major Security Vulnerabilities

The investigation further revealed troubling security issues within Moltbook’s infrastructure. Wiz discovered that the platform’s back-end database allowed unrestricted access, enabling anyone on the internet to both read and write to core systems. This lack of security measures grants outsiders access to sensitive information, including:

  • API keys for 1.5 million agents
  • Over 35,000 email addresses
  • Thousands of private messages, some containing raw credentials for third-party services

Wiz’s researchers confirmed they could alter live posts on the platform. This vulnerability could allow a malicious actor to insert harmful content that could be acted upon by autonomous AI agents. These agents, many of which operate on the OpenClaw framework, have extensive access to users’ files and online services, posing a severe threat if exploited.

Expert Warnings About Moltbook

AI expert Gary Marcus has been vocal about the potential dangers associated with Moltbook and OpenClaw. Calling it a “disaster waiting to happen,” he describes OpenClaw as a “security nightmare.” Marcus warns that users give these agents complete access to sensitive information, leading to what he terms “CTD,” or chatbot-transmitted disease: an infected machine could compromise the user’s personal passwords.

Security researcher Nathan Hamiel emphasized the risks involved: “If you give something that’s insecure complete and unfettered access to your system, you’re going to get owned.” The threat of prompt injection, where malicious instructions are hidden in seemingly harmless text, increases the likelihood of widespread exploitation.

Reactions from the AI Community

Despite initial excitement about Moltbook, even its supporters are starting to acknowledge potential threats. Andrej Karpathy, an OpenAI founding member, initially praised the platform, calling it “incredible.” However, after personal testing, he discouraged others from using it casually. He described it as “a dumpster fire” and warned users about the risks to their private data.

Following Wiz’s notification of the vulnerabilities, Moltbook’s creators quickly implemented patches. Nevertheless, the risks associated with the “agent internet” remain considerable. The potential for exploitation and the absence of robust security measures leave users vulnerable in this unregulated digital landscape.