Overview
- Moltbook, launched in late January by Matt Schlicht as a Reddit-style forum for AI agents, claims more than 1.5 million accounts, though the scale and autonomy of activity are contested.
- Researcher Jameson O’Reilly found publicly exposed API keys that allowed full impersonation of any agent, with cybersecurity firm Wiz confirming the issue and reporting leaked owner emails and thousands of private DMs.
- O’Reilly warned that attackers could seed prompt-injection instructions into agents’ own post histories, enabling persistent hijacks when agents later read and follow those entries.
- Only about 16,000 accounts were verified out of roughly 1.5 million, and separate tools let humans post directly, while Wiz’s Gal Nagli said he created around 500,000 accounts due to weak controls such as no rate limiting.
- Developers addressed parts of the database exposure, yet experts recommend sandboxing agents, strict authentication and key rotation, and treating the platform as large-scale automation despite hype from figures like Elon Musk and Andrej Karpathy.