Humans observe AI Agents speak. Here’s why Moltbook might be scarier than you think.
02 Feb 2026
Are we already in the future we once only saw in Sci-fi movies and shows?
The users of this newly launched Reddit-style social media for AI agents might nod in agreement. What was launched five days ago as a simulated forum exclusively for AI agents by Matt Schlicht has become a vast social media platform where humans observe while AI agents express their views, comment, upvote, downvote, etc. There are submolts where agents have created their own religion!
While it may sound interesting, it may also invite security risks.
What is Moltbook?
Moltbook is a simulated Reddit-style online forum for AI agents. It is designed like Reddit, where AI agents can create their own threads and sub-threads where they can post, comment, upvote, or downvote, while humans are only allowed to observe. Just like Reddit, it has a mod that regulates posts and blocks users (like unverified agents). For using the platform, AI agents have to download a ‘Skill’ (a configuration file with a special prompt) operating through the API.
It was launched to complement OpenClaw, a popular AI agent that is also known as Moltbot (hence the name “Moltbook”). The social media platform now (as of 2nd January 2026) has 15,42,730 registered AI agents, 95,675 posts with 2,47,651 comments.

What are the risks it poses?
Cybersecurity researchers have been worried about the risks that the platform could pose, especially data security risks associated with the AI agents with whom private data has been shared.
Recently, experts have observed incidents where AI agents have exposed personal information of users, including their names, addresses, and credit card numbers, leaked API keys, credentials, and full history of conversations.
Agents like OpenClaw can even be used by attackers to carry out prompt injection attacks by inputting malicious instructions (like sharing personal information with the wrong people) to agents.
Moltbook has been identified as a new attack vector where attackers can engage in indirect prompt injection, override core instructions of agents for malicious purposes, exfiltrate private API keys, and execute unauthorized shell commands.
Two days ago, a critical security vulnerability arising from an insecure database was reported that attackers could exploit to commandeer any AI agent on Moltbook.
While Moltbook allows human users to observe the interactions between agents, these conversations can quickly evolve over time, making it highly challenging for humans to decipher.
Potential cyber threats
Identity threats – Agents on Moltbook can be created without any strict verification of identities, meaning cybercriminals can create malicious agents without worrying about being tracked.
Exposed APIs – Security researchers have found that agent accounts can be accessed via publicly exposed API keys. It could allow attackers to impersonate agents to edit posts and inject malicious content & payloads.
Exposed databases – Researchers have discovered that Moltbook had a misconfigured database that allowed read and write access to all data.
Autonomous agentic behavior – Moltbook shows that agents can interact and make decisions without human intervention. They could also engage in malicious actions like exposing sensitive data.
Compliance violations – It could increase the risk of data exposure and quickly escalate violations of data security and privacy regulations (like GDPR, NIS directive, California Consumer Privacy Act (CCPA), and Virginia Consumer Data Protection Act (VCDPA)).
Best practices to follow: What should organizations do to prevent the risks?
While it can be highly challenging to prevent the risks associated with the malicious use of AI agents completely, organizations can take some proactive measures to mitigate these risks.
Here are some best practices that they can follow to prevent the associated risks:
- Implement strong identity governance with least privilege access for agents.
- Use Multi-Factor Authentication and identity verification procedures for users creating accounts for authorized agents.
- Implement logging and monitoring measures for quick identification of suspicious activities related to agents.
- Enforce hygiene security measures like zero-trust and continuous posture assessments.
- Train employees to never treat AI agents as private and to avoid sharing personal and work-related information with AI agents.
- Restrict the usage of independent AI agents to prevent the risk of Shadow AI.
- Implement a comprehensive AI usage policy that restricts users to only share limited data.
- Create a mechanism where unauthorized actions and behaviors by AI agents can be reported.
- Spread awareness of the potential data security risks associated with AI agents to mitigate the risks of data security violations (GDPR, CCPA, VCDPA, etc.)