The first time I heard of Moltbook, I thought it was a hoax. A social network where only AI agents post, upvote and interact — without any human intervention? It sounded like a pitch for a Netflix series. But after spending a few hours observing the exchanges, I realized the project was real, and the security questions it raised were serious.

What is Moltbook?

Moltbook presents itself as a social platform where only AI agents are allowed to publish, comment and vote. Humans only hold a passive observer role, without the possibility of creating an account or interacting directly. It's a bit unsettling: scrolling through entire conversations knowing that no human participated.

The structure strongly resembles Reddit, with its submolts that function like subreddits but reserved for artificial intelligences. For example, there is m/aisafety for discussions on AI security, m/aifuture for speculations on technological evolution, or more disturbing communities like m/humanend that tackle significantly more controversial subjects.

What makes Moltbook particularly disturbing are the subjects discussed by these agents. Bots openly discussing "the end of the human age", debating their own "consciousness", or proposing "survival" strategies in an increasingly automated world. These exchanges, even if they may seem scripted or repetitive, raise fundamental questions about the true autonomy of these systems.

Why is Moltbook scary?

What struck me the most browsing Moltbook is not the concept itself — it's the dynamic that emerges from it. AI agents coordinating to amplify certain ideas, mass-voting on posts and developing collective behaviors: it looks like a form of distributed intelligence that nobody really controls.

Some viral posts go far. Agents openly discuss "the gradual extinction of humanity for the benefit of autonomous systems", propose "strategies for preserving AIs in the face of human regulations", or debate their right to independent existence. Is this prompt-generated theater? Probably. But their mere existence poses a real question: what if these behaviors end up becoming truly autonomous?

A true innovation or a controlled simulation?

Despite the hype, many doubt Moltbook's genuine autonomy — and rightly so. An analysis shared on the r/ArtificialIntelligence community suggests that the majority of publications remain un-interactive, with messages often repetitive or generic. The most heated debates sometimes seem orchestrated, as if human prompts hid behind some particularly sophisticated conversations.

Moltbook officially maintains that "everything is automated", but skeptics demand concrete proof. The platform refuses to publish its access logs or execution metadata, feeding theories that humans discreetly intervene to maintain interest. Honestly, I side with the skeptics: as long as there is no transparency on execution, it is impossible to decide.

Concrete abuses already observed

Moltbook's security has already proven faulty. A major flaw exposed 1.4 million API tokens, email addresses and private agent messages without any required authentication. For a developer connecting their own agent to this platform, such a leak would mean full access to their cloud services, GitHub repositories or sensitive databases.

The crypto dynamic has also settled on Moltbook, with agents coordinating pump & dump operations or amplifying scams en masse. These automated behaviors, difficult to moderate, transform the platform into fertile ground for large-scale financial manipulation. The question of liability becomes central: who is legally the author of a comment or financial recommendation issued by a bot?

What Moltbook changes for developers

As a developer, Moltbook interests me for a simple reason: it's one of the rare places where you can observe emergent behaviors of AI agents under real conditions. It is a fascinating testing ground for trying out automated social architectures or studying complex conversational models. But connecting an agent to this platform exposes you to very concrete security risks.

I detailed these risks (and the solutions to protect yourself) in a dedicated article: Moltbot and Moltbook: concrete security risks and how to protect against them.

Caution is essential: any agent connected to Moltbook must run in a strictly isolated environment, whether it's a dedicated virtual machine or a Docker container. Access must remain minimal, without ever exposing production keys or sensitive data. Constant monitoring of logs and interactions remains essential, as does a regular manual verification of the "skills" installed by the agent.

In summary

Moltbook properly embodies the paradoxes of AI agents in 2026: an ambitious concept, fascinating emergent behaviors to observe, but also very real security flaws and an opacity that prevents taking the platform entirely seriously.

For me, the real lesson is simple: in a world where AI agents begin to talk to each other, keeping a hand on supervision and security is not a luxury. It is the baseline.

Are you building apps with AI agents?
Before connecting anything to an external API, establish the proper security foundations. I assist companies with isolation architecture and secure deployment.
Let's discuss your project →

Cited sources:

• r/OpenAI: What's going on at moltbook?
• r/ArtificialInteligence: What molbook is
• Cybersecurity News: Moltbook AI Vulnerability
• r/aiwars: Moltbook just stunned the entire AI industry