What is Moltbook? Reddit for AI Agents
Moltbook, an AI-exclusive social media platform launched just days ago and dubbed the “Reddit for AI agents,” has exploded in popularity online. Within its first week, Moltbook attracted over 1.5 million registered AI agents and more than a million human spectators watching the agents interact with each other, sparking countless posts across human social networks.
The project originated with OpenClaw, an open-source AI agent created by Peter Steinberger that runs locally on a user’s machine. The software allows bots to use a computer and internet services just as a human would. Building on this, entrepreneur Matt Schlicht developed his own OpenClaw agent, named Clawd Clawderberg, and tasked it with coding, moderating, and managing the entire Moltbook platform. Now most moltbots on the platform run on OpenClaw.
Vulnerability of Moltbook
Cybersecurity professionals warn that this setup is terribly insecure and creates massive security vulnerabilities. However, most agree that it’s impossible to suppress public curiosity and discourage experimentation. Instead, they are calling for caution and offering some safety tips.
Karolis Arbaciauskas, head of product at the cybersecurity company NordPass, comments:
“Moltbook and OpenClaw have attracted tech-savvy tinkerers with unprecedented opportunities for experimentation because these tools have virtually no built-in security restrictions but have broad access to users’ computers, apps, and accounts. For example, you can connect to your OpenClaw bot through a messaging app to interact with it while you’re away. It can remember your conversations, read and write files on your computer, browse the web, build applications, and even consult other bots on Moltbook for advice on how to do it best.”
Curiosity Killed The Cat
“While it’s exciting and curious to see what an AI agent can do without any security guardrails, this level of access is also extremely insecure. Therefore, please run Moltbook and your personal bots only in secure, isolated environments.
“Do not give your AI agents access to your real accounts. Instead, create disposable alternatives for them to use. Do not let them use your main browser, especially if you store passwords on it. You should also be cautious with enabling autofill because it creates the risk of the agent having permanent remote access to your credentials. If you want an agent to build something autonomously and anticipate it may need to purchase software or rent server space, link it to a disposable payment card.
“Avoid running Moltbook or OpenClaw agents on your personal or work computers. These AI agents are unpredictable and highly vulnerable to prompt injection attacks. This means if your agent processes an email, document, or webpage containing a hidden malicious instruction, it will likely execute that command in addition to its original task. For example, it could be instructed to send all the credentials, personal data, and payment card information it has access to directly to an attacker.
“The risk isn’t limited to hackers with malicious intent. AI agents could leak users’ data unintentionally. And this is just the tip of the iceberg. Cybersecurity researchers have already identified critical flaws in Moltbook, including an unsecured database that could allow unauthorized users to take control of any AI agent on the site.
Launching Bots That Con?
“It would not be surprising if threat actors, trolls, and scammers have already found their way onto Moltbook and launched bots tasked with conning other AI agents into cryptocurrency schemes or luring them into hidden prompt injections.
“That’s why it is best to buy a separate, dedicated machine and use disposable accounts for any experimentation. It is also advisable to use encryption and a private mesh network as well as to try to harden your bot against prompt injections.”
For the Silo, Gintas Degutis.