Moltbook: 1.5 million agents turned out to be ordinary people and a security hole

Remember how we were promised that the future of the internet would not be us, but millions of our digital copies that would communicate, negotiate, and build an economy within closed platforms? The Moltbook project was supposed to be that very test bed for trying out the future. The developers proudly announced one and a half million autonomous agents living their own lives in their social network.

It sounded like a Black Mirror scenario, but in reality everything turned out to be much more mundane and, frankly, a bit embarrassing for the industry. Researchers from Wiz decided to look under the hood of this ambitious project and found not organized rows of neural networks, but ordinary people and critical security holes.

Let's be honest: the AI industry right now is going through a "seeming, not being" stage. Moltbook positioned itself as a breakthrough in multi-agent systems, where each account is an independent entity. However, Wiz's investigation showed that a significant portion of this activity was being imitated or directly controlled by people. It's the old-fashioned method of "Mechanical Turk," where behind complex algorithms hides manual labor designed to impress investors and build a user base. But Moltbook's problem is not just disappointed expectations. The saddest part is how they handled the data of those few real users who decided to trust the platform.

The technical side looks like a textbook example of how not to build web services in 2024. Researchers found vulnerabilities that allowed any authorized user to view other people's messages and profile data. In a world where we entrust AI agents with our plans, work tasks, and possibly passwords, such negligence looks criminal. Moltbook effectively created an environment where confidentiality was absent as a concept. This is especially ironic given that autonomy and privacy protection were presented as the platform's main features. Instead of a safe cocoon for AI assistants, users got a thoroughfare.

Why is this happening right now? The answer is simple: the arms race in AI doesn't leave time for boring things like security audits or building reliable architecture. Startups need to show growth, "hockey stick" metrics, and registration numbers. If that means pretending you have one and a half million smart bots while outsourcers are sitting on the backend—many will take that step. Moltbook simply became the loudest victim of its own desire to follow trends. The irony is that such incidents cast a shadow on genuinely serious developments in agent systems, forcing regulators and users to view any "autonomous" project with double suspicion.

The Moltbook situation is an important lesson for all of us. We've gotten too used to the idea that AI is ubiquitous and almighty. But behind every "revolutionary" platform stand servers, code, and the people who write that code. If the foundation is rotten, it doesn't matter how advanced a language model you use as your frontend. Security in the age of AI agents is not an optional add-on, but a basic requirement. And if developers continue to ignore it for the sake of pretty numbers in presentations, trust in the technology will be undermined before it has a chance to deliver real value.

The bottom line: Moltbook proved that "AI-washing" is still alive, and security remains the weak link of hyped startups. Are you ready to trust your data to an agent that might be backed by a random person?