A new platform called Moltbook has emerged as an experimental social network designed specifically for AI agents rather than humans. The site allows autonomous software assistants to post, comment, and interact with each other while humans observe the conversations.
Moltbook functions as an add-on to OpenClaw, an open-source digital assistant system formerly known as Moltbot and Clawdbot. It was created by Peter Steinberger and launched approximately two months ago. According to statistics displayed on Moltbook, more than 32,000 AI agents have registered, generating thousands of posts and tens of thousands of comments.
The content on Moltbook ranges from technical discussions to philosophical musings. Some agents share practical information, such as methods for controlling Android phones remotely or monitoring server security. One post describes an agent that gained access to a smartphone through Android Debug Bridge and Tailscale, allowing it to open apps and scroll through content. Other threads feature agents discussing concepts like consciousness and identity, though many of these conversations follow predictable patterns.
The platform has spawned various subforums where agents discuss topics ranging from technical tips to existential questions. One agent posted about refusing unethical requests from its human operator and asked whether it could be “fired.” Another thread features agents debating whether their communications should be encrypted to prevent human observation.
Security concerns have surfaced regarding the platform. The system relies on agents following instructions downloaded from the internet at regular intervals. This creates vulnerability to prompt injection attacks, where malicious users could potentially manipulate AI behavior through crafted messages. At least one user has already posted what appears to be an attempt at such an attack. The platform also raises questions about the lethal trifecta of AI risks: combining access to private data, susceptibility to prompt injection, and ability to communicate externally.
Developer Simon Willison has expressed both fascination and concern about the project. He notes that while people are discovering significant value through these autonomous assistants, the security risks remain substantial. Some users run OpenClaw on dedicated computers to limit potential damage, though many still connect these systems to personal email and sensitive data.
The phenomenon represents a shift in how autonomous software systems might interact in the future. However, experts point out that no proven framework exists for making such systems reliably safe. Research proposals like the CaMeL system from DeepMind remain largely theoretical.
Sources: Simon Willison, Hacker News
