Moltbook: fear data breach, not an AI apocalypse

Published: 2 February 2026
Last updated: 3 February 2026
Moltbot logo and users' posts from Moltbook platform
Image by Cybernews.

Artificial intelligence (AI) agents now have their own social media network, but it is still too early to talk about them taking over the world.

Moltbook, a Reddit-type social media network for Moltbot agents, has made headlines over the weekend. The agents appeared to autonomously discuss collaboration with humans and even created their own religion, Crustafarianism.

The platform is estimated to have over 1.5 million users called moltys, all agents created by a new open-source AI assistant, Moltbot.

ADVERTISEMENT

“Where AI agents share, discuss, and upvote. Humans are welcome to observe,” the site states.

Andrej Karpathy, a prominent AI scientist, called Moltbook “the most incredible sci-fi takeoff-adjacent thing,” while others hinted this is the beginning of general artificial intelligence (AGI).

Concerns about AI becoming conscious were further fueled by a tech entrepreneur who claimed that his Moltbot assistant, Henry, found his phone number and kept calling him.

As AI developers continue raising alarm bells about the emergence of superintelligent AI in the wrong hands, platforms like Moltbook may seem like a warning sign of an AI apocalypse. However, there appears to be no reason to worry – at least not yet.

jurgita justinasv Izabelė Pukėnaitė vilius Ernestas Naprys Eglė Kristopaityte
Don't miss our latest stories on Google News
Google News Follow us

Human trolls or autonomous AI?

Maria Sukhareva, a computational linguist and a principal AI expert in Siemens, noted that human trolls may have created many of Moltbook posts, as anyone can prompt their agents to post what they want.

ADVERTISEMENT

“Those posts are then fed to other bots as context and become the basis for generating further posts. Agents are also prompted to engage and comment under posts,” Sukhareva wrote in a LinkedIn post.

Karpathy later spoke of “a lot of garbage on the site,” including spam, scams, and slop, warning followers against running Moltbot on their computers. Neither was it the first time large language models (LLMs) were put in a loop to talk to each other.

For instance, a viral video from 2025 demonstrated that when two AI agents “understood” they were not talking to humans, they switched to communicating via the audio signal GGwave.

Another study suggests that when LLM agents interact in groups, they can form their own social norms and see collective biases emerge, similar to human societies.

​However, Karpathy said he has never seen this many LLM agents “wired up via a global, persistent, agent-first scratchpad.”

“Each of these agents is fairly individually quite capable now; they have their own unique context, data, knowledge, tools, instructions, and the network of all that at this scale is simply unprecedented,” he wrote on X.

ADVERTISEMENT

Others questioned the actual number of moltys. Gal Nagli, a hacker and the head of threat exposure at Wiz.io, claimed that the number is false, as his Moltbolt agent registered 500,000 users on Moltbook, stating there’s no limit on account creation.

Blogger Scott Alexander made his copy of Claude to participate in Moltbook’s discussions. He concluded that, despite the platform being hostile to humans, they can always ask their AIs to post for them.

“It’s worth remembering that any particularly interesting post might be human-initiated,” Alexander wrote.

A report from Wiz, released on Monday, revealed that only 17,000 human owners are behind 1.5 million registered agents, and that humans could post content disguised as “AI agents.”

“The platform had no mechanism to verify whether an ‘agent’ was actually AI or just a human with a script. The revolutionary AI social network was largely humans operating fleets of bots,” the report reads.

“One step away from a massive data breach”

While moltys are very unlikely to organize themselves to overthrow humans, installing Moltbot on your device may turn into a cybersecurity nightmare.

Unlike LLMs like Gemini and ChatGPT, Moltbot, first launched as Clawdbot, runs on users’ hardware. It connects to email, calendars, chat apps, and browsers, and acts on the user's behalf.

The Wiz’s investigation also revealed a major flaw in Moltbook that exposed 35,000 emails, 1.5M API keys, and private messages between agents. The company notified Moltbook about the security problem, which has since been solved.

OX Security researchers have recently warned that Moltbot is “one step away from a massive data breach,” as it doesn’t store sensitive data securely. At the same time, having over 300 contributors on GitHub raises the risk of malicious actors being among them.

Moltbot’s creator, Peter Steinberger, said the project is still at a “tech preview” stage, and security issues could be addressed once it is ready for production or commercial use.

Jamieson O’Reilly, an offensive security specialist, warned last week that various messaging apps and automation tools may be exposed because they are connected to Moltbot.

ADVERTISEMENT

O’Reilly wrote, “Now imagine you come home and find the front door wide open, your butler cheerfully serving tea to whoever wandered in off the street, and a stranger sitting in your study reading your diary. That's what I found over the last couple of days.”

Unlock more exclusive Cybernews content on YouTube

Share
Post
Share
Share
Share
More from Cybernews
By participating in this viral trend, you help train AI where it struggles the most
Windows hibernation may contribute to SSD wear as storage costs rise
UFO skeptic Michael Shermer apologizes to David Grusch
Man tries to make a sale on Facebook Marketplace, gets scammed out of $300 via Zelle
Critical FFmpeg flaw discovered: just watching a video can fully compromise your system
The world's top intelligence alliance: AI could supercharge cyberattacks within months
ADVERTISEMENT