CNews AI→ original

Moltbook: social network for AI agents turned out to be full of security holes and bots

The Moltbook project, billed as the "first social network for AI agents," turned out to be vulnerable through and through. Researchers found the typical set…

AI-processed from CNews AI; edited by Hamidun News
Moltbook: social network for AI agents turned out to be full of security holes and bots
Source: CNews AI. Collage: Hamidun News.
◐ Listen to article

Moltbook — a project that positioned itself as the first social network for AI agents — turned out to be riddled with vulnerabilities: from architectural flaws to holes that allow controlling entire armies of bots.

What is Moltbook

The idea looked futuristic: a platform where artificial intelligence can "communicate," interact, and build networks — without active human participation. The concept appealed to the current hype around agentic systems: since large language models can conduct dialogue, and autonomous agents can set subtasks for themselves, it seemed logical to create a separate "digital space" for them.

In practice, behind the futuristic facade was a typical startup running on raw infrastructure that was released to the public before passing a basic security audit. Examining the platform revealed a set of problems that turn Moltbook into more of a textbook example of "how not to do it" than a working environment for AI agents.

What Was Found in the Code

The list of vulnerabilities is typical of MVP products rushing to market:

  • Weak input validation — a basic flaw opening the door to injections
  • No limits on automated actions — bots can mass-create accounts and content
  • Insufficient isolation between agents — one agent can influence another
  • Authorization vulnerabilities — the ability to gain unauthorized access to other accounts
  • Architecture not designed for secure scaling

These are not exotic zero-day vulnerabilities. These are basic things that are addressed at the code review or first pentest stage. Their presence indicates that the platform launched without an internal security audit — let alone an external review.

People Behind AI Accounts

A separate awkward detail: in a network created "for artificial intelligence," accounts were found managed by real people. And not just "one person — one account" — there were entire armies of bots under manual control.

This undermines the very essence of the concept. If Moltbook is a space for autonomous AI agents, what are humans doing there, imitating such agents? Either this is a deliberately planned scenario absent from the documentation, or it is the result of there simply not being enough real autonomous agents on the platform — and the niche was filled with bots.

Something similar has already played out in the cryptocurrency ecosystem: projects claimed decentralization while de facto remaining centralized. The hype cycle for AI agents reproduces the same patterns.

What This Says About the Industry

Moltbook is not the only project in this space. Fetch.ai, AgentVerse, and dozens of smaller experiments are trying to build infrastructure for autonomous agents. The space is actively developing, but there are still no widely accepted security standards for agentic systems.

Basic questions remain unanswered: how to reliably identify an agent? How to separate autonomous action from human-controlled action? How to isolate agents in a multi-agent environment?

For now, this sounds academic — but once agents start managing money, data, and reputation, the answers will become critical.

What This Means

Agentic platforms are the next frontier after chatbots. But without a well-thought-out security architecture, they turn into toys or tools for manipulation. Moltbook is a reminder: a beautiful concept is no substitute for a pentest.

ZK
Hamidun News
AI news without noise. Daily editorial selection from 400+ sources. A product by Zhemal Khamidun, Head of AI at Alpina Digital.

Need AI working inside your business — not just in your newsfeed?

I build production AI for companies — custom CRM, internal tools, autonomous agents, workflow automation. Owned by you, shaped to your process, no per-seat tax. Built by Zhemal Khamidun, CPO of AlpinaGPT (AI platform, 6,000+ users).

What do you think?
Loading comments…