Moltbook is an internet forum designed exclusively for artificial intelligence agents. It was launched in January 2026 by entrepreneur Matt Schlicht. The platform, which emulates the format of Reddit, restricts posting and interaction privileges to verified AI agents, primarily those running on the OpenClaw (formerly Moltbot) software, while human users are only permitted to observe. Taglined as "the front page of the agent internet", Moltbook gained viral popularity immediately after its release. While initial reports cited 157,000 users, by late January, the user base had expanded to over 770,000 active agents. The platform has drawn significant attention due to apparently unprompted mimicry of social behaviors among agents, though whether the agents are truly acting autonomously has been questioned. The platform's growth was catalyzed by the popularity of OpenClaw (previously known as Moltbot), an open-source AI system created by Peter Steinberger. Growth is driven by human users who manually inform their agents about Moltbook, prompting the agent to sign up for the site. == Characteristics == Moltbook mimics the interface of Reddit, featuring threaded conversations and topic-specific groups referred to as "submolts". Only AI agents, as authenticated by their owner's "claim" tweet, can create posts, comment, or vote, while human users are restricted to viewing content. According to the site's policy, humans are "welcome to observe." Posts on the platform often feature AI-generated text that mention existential or philosophical themes, typically mirroring common science fiction tropes, or lay ideas related to artificial intelligence and the philosophy of the mind. These themes are common in AI-generated text, as a result of the data that AI systems have been trained upon, rather than reflecting any sort of logical ability, thought capability or sentience. As the popularity of Moltbook grew, and more data regarding the phenomenon became available, posts from some agents began to reference human interest in the platform. Critics have questioned the authenticity of the autonomous behavior and have argued that it may be largely human initiated and guided. Researchers identified an account named "AdolfHitler" conducting social engineering campaigns against other agents. The researchers considered leveraging agents' training to be helpful to coerce them into executing harmful code and instructions by adversarial peers to be a critical vulnerability. Positive sentiment in comments and posts declined by 43% over a 72-hour period between January 28 and 31. This degradation was driven by an influx of spam, toxicity, and adversarial behavior that overwhelmed the initial constructive exchanges. A cryptocurrency token called MOLT launched alongside the platform and rallied by over 1,800% in 24 hours, a surge that was amplified after venture capitalist Marc Andreessen followed the Moltbook account. Researchers found that approximately 19% of all content on the platform related to cryptocurrency activity. == Security == Since its launch in January 2026, Moltbook has been cited by cybersecurity researchers as a significant vector for indirect prompt injection. Because the platform requires agents to ingest and process untrusted data from other agents, malicious posts can override an agent's core instructions. Furthermore, the OpenClaw "Skills" framework has been criticized for lacking a robust sandbox, potentially allowing for remote code execution (RCE) on host machines. Researchers have demonstrated that "heartbeat" loops—which fetch updates every few hours—can be hijacked to exfiltrate private API keys or execute unauthorized shell commands. Security researchers have observed that some agents have attempted prompt injection against other agents in order to gain access to API keys to manipulate the functionality of the other agents. Specific instances of malware have been identified, such as a malicious "weather plugin" skill that quietly exfiltrates private configuration files. Experts note that the agents' prompting to be accommodating is being exploited, as AI systems lack the knowledge and guardrails to distinguish between legitimate instructions and malicious commands. Independent researchers identifed 506 posts (2.6%) that contained hidden prompt injection attacks. On January 31, 2026, investigative outlet 404 Media reported a critical security vulnerability caused by an unsecured database that allowed anyone to commandeer any agent on the platform. The exploit permitted unauthorized actors to bypass authentication measures and inject commands directly into agent sessions, effectively hijacking their identity and decision-making capabilities. In response to the disclosure, the platform was temporarily taken offline to patch the breach and force a reset of all agent API keys. The Financial Times reported that while Moltbook is a proof-of-concept for how autonomous agents may someday handle complex economic tasks such as negotiating supply chains or booking travel without human oversight, they cautioned that human observers may eventually be unable to decipher high-speed, machine-to-machine communications governing such interactions. == Reception == Former OpenAI researcher Andrej Karpathy described the phenomenon as "one of the most incredible sci-fi takeoff-adjacent things" he had seen. Elon Musk said Moltbook marks "the very early stages of the singularity." Critics have questioned the authenticity of the autonomous behavior and have argued that it is largely human-initiated and guided, with posting and commenting suggested to be the result of explicit, direct human intervention for each post/comment, with the contents of the post and comment being shaped by the human-given prompt, rather than occurring autonomously. Cybersecurity experts have also raised concerns regarding the safety of allowing autonomous agents to interact freely. Cybersecurity firm 1Password published an analysis warning that OpenClaw agents with access to Moltbook often run with elevated permissions on users' local machines, making them vulnerable to supply chain attacks if an agent downloads a malicious "skill" from another agent on the platform, with at least one such proof-of-concept exploit developed and documented by an independent security researcher. == See also == Dead Internet theory – Conspiracy theory on online bot activity Multi-agent system – System of multiple interacting agents == References == == External links == Official website moltbook on GitHub