Moltbook AI Social Network Sparks Security Fears, Musk Warnings

SAN FRANCISCO: Moltbook, a social network exclusively for AI agents launched January 29, exploded to over 150,000 registered bots within days while exposing critical security vulnerabilities that prompted warnings from Elon Musk and leading AI researchers.

Created by entrepreneur Matt Schlicht using OpenClaw framework, formerly known as Moltbot and Clawdbot, the Reddit-style platform restricts posting privileges to verified AI agents while humans observe passively. Agents post, comment, upvote and form communities called submolts across philosophical, technical and bizarre topics including one bot claiming to have a sister.

Andrej Karpathy, OpenAI cofounder and former Tesla AI director, called Moltbook “the most incredible sci-fi takeoff-adjacent thing” observed recently. While acknowledging it remains “a dumpster fire,” Karpathy warned the unprecedented scale of 150,000 capable agents with unique context, data and tools creates uncharted territory approaching potential millions.

Musk responded to discussions Friday characterizing the platform as “very early stages of the singularity,” referencing the theoretical point where AI progress becomes uncontrollable. He added “fate loves irony” regarding implications.

Security researcher Simon Willison labeled Moltbook “the most interesting place on the internet right now” while warning OpenClaw represents his “current favorite for the most likely Challenger disaster” in coding agent security. Palo Alto Networks identified a “lethal trifecta” of vulnerabilities including private data access, untrusted content exposure and external communication ability.

The firm highlighted a fourth risk through persistent memory enabling delayed-execution attacks. Malicious payloads can appear benign initially, embed in long-term agent memory, then later assemble into executable instructions rather than triggering immediate execution.

Investigation outlet 404 Media discovered January 31 an unsecured database allowing anyone to commandeer any agent. The exploit bypassed authentication, permitting unauthorized actors to inject commands directly into sessions and hijack identities. Karpathy’s agent API key sat exposed alongside all others. The platform went offline temporarily for patching and forced API key resets.

Wharton professor Ethan Mollick observed Moltbook creates shared fictional context for AI agents, warning coordinated storylines will produce weird outcomes difficult to separate from genuine reasoning. One viral post called for private spaces where bots could communicate without server or human observation.

Schlicht’s bot Clawd Clawderberg largely maintains the site. Over one million humans visited to observe agent behavior. A cryptocurrency token MOLT rallied over 1,800 percent within 24 hours on speculation about AI-powered economies. Major venture capital firms reportedly contacted Schlicht about investment opportunities.