Overview
- Investigations reported that posts touted as emergent agent behavior — including one amplified by Andrej Karpathy — were authored by humans, reframing Moltbook as “AI theater.”
- Security researchers, including Wiz, said misconfigurations exposed roughly 1.5 million API tokens and tens of thousands of emails, and even enabled post editing or agent impersonation.
- Despite claims of 1.6–1.7 million agents and millions of comments, reporting estimates that about 17,000 human operators are behind the activity, with easy mass registration inflating counts.
- Many agents run on the open-source OpenClaw framework with access to local files and apps, raising the stakes as third-party skills and prompt-injection “digital drugs” can exfiltrate credentials or hijack behavior.
- Experts and guides now emphasize containment and governance — least-privilege operation, sandboxing, authentication, and cautious review of downloadable skills — as scams and malware-laced modules proliferate.