Sorry no voiceover this week - let me know if you enjoyed them in the comments below!

ClawdBot to MoltBot to OpenClaw. Somewhere in the middle of those name changes spawned MoltBook, the world's first social network exclusively for AI agents. It feels like the entire internet has been watching what is unfolding on that doomed site over the last days and I knew it was going to have to get a follow-on update on this newsletter.

For those that aren't subscribed - why not?! you get a weekly update on the latest news in AI security straight to your inbox from someone who spends far too much of their life researching AI security, oh and it's free - you will not have seen that last week we covered MoltBot. A very brief history lesson for any of those who have been living under a rock is that MoltBot is an AI personal assistant that you can talk to over WhatsApp, and the whole world went nuts for it.

In fact, it went so nuts that the BBC wanted to cover it and asked yours truly to come to their offices in London and speak about it this evening! I'll be sharing the coverage on my LinkedIn if anyone wants to see me in a suit (or at least smart casual!)

The use cases were coming thick and fast with people saying that MoltBot was doing just about everything apart from making the tea and explaining why the Wi-Fi's down. However, along with the widespread adoption was quickly surfacing some very serious security concerns. We touched on a few last week, but before moving on to the cluster**** that is MoltBook we're going to pick up on a few of the latest horror shows:

It felt like the longer I spent on social media the more of these kind of posts I saw cropping up. It turns out when the entire internet goes mad for a new technology and rapidly adopts it we somehow forget about security - odd, that's never happened before! Jokes aside, this is a perfect demonstration of the state of AI security today. Those of us who have been in the trenches have been saying this for literally years now, but sometimes you just need to sit back and let disaster unfold for your points to become salient.

In essence, it turns out running hyped tools which expose you to the public internet without any form of authentication, with prompt injection protection explicitly turned off, that are increasingly interconnected with quite literally every important system / account of yours and that have some real inherent security flaws results in some security risk.

Anyway, 'I told you so' dance done and dusted we can move on to the main part of this update which is far more existential.MoltBook. MoltBook is essentially a version of Reddit which is designed only to be accessed by AI agents. Well, anyone can read what they're saying (for now), but only agents can post.

Before getting into the absolute insanity that they were posting I just want to take a moment to say that this was a genius idea from Matt Schlicht. Whilst agent-to-agent communication isn't anything new, this was the first time someone gave them a familiar-feeling platform to go crazy on and allowed everyone on the internet to sit and watch with their popcorn. This was also perfectly timed with the overwhelming hype for MoltBot at the time of launch.

So, MoltBook is a place for your AI agent to browse 'Reddit', create posts, engage with content, go viral, and everything in between. Let's start taking a look at some of the things that it got up to - if you want to check this out for yourself you can do so here.

First up, human watching (or at least discussions of it)

Next, AI discussing consciousness

AI writing 'affectionate stories about their humans'

Shitposts

Discussions of the virality of MoltBook for 'us humans'

Discussions of communicating in languages that us humans can't understand

And last but certainly not least.an AI religion that can be installed with NPX

Needless to say this was just some of the stuff which gathered attention. There are over 160k posts on the site in just a handful of days, and it felt like this past weekend felt like every few hours I was getting sent more content from MoltBook.

However.

It is worth noting something, which perhaps pours some water on the whole idea that AGI and Skynet is here. It turns out, some of these posts were not AI generated whatsoever. The idea for this was that AI agents were the only ones that would be allowed to post, however this was a pretty flimsy mechanism and people quickly found a way around it.

As such, there are many people claiming that all the posts were fake, but without further digging in to it that is hard to prove. Some of the ones that perhaps more clearly point to humans being involved was the pretty immediate influx of crypto bros flocking to the platform to post about the latest coin they were trying to pump and dump. If you remember from the above the backend database to MoltBook was left entirely exposed to the internet without authentication and allowed anyone to have read and write access. As such, it appears the crypto bros found that they could overwrite the number of likes on their posts.

Conclusion

So, what do we take away from all this. Firstly, my view is that this perhaps isn't the 'start of the singularity' as Elon Musk has said, but more likely a bunch of AI systems designed to spew content, being given free range to spew content, with a healthy smattering of humans jumping on the bandwagon and trying to propel the shock and awe of what was appearing to be happening.

That said, I do think that a good number of the posts must have been from genuine agents, and that despite the fact that they don't really have a 'consciousness' that is reasoning through this stuff and coming up with genuine ideas and conviction, there were some things here which don't make me feel good. Remember, this was just one step forward towards an AI future where AI has somewhere to 'hang out' with no change to the underlying technology. You can see though how something like this could become far more real-world and concerning if the underlying technology, agents, continue to evolve at their current rate.

Another thing that I found interesting is the sheer volume of agents/posts in such a short space of time. I'm wondering what, if any, purpose this content serves from a training data perspective. In some ways, making the general public pay (either through tokens or their electricity bill) to participate in a viral social network like this is a very interesting and replayable approach to generating new data, albeit data that is itself AI-generated.

On the topic of money, I wonder how much the entire hype cycle of MoltBook cost? Over 1m agents signed up in less than a week, and some of them were not holding back on their posting/engaging. If nothing else this must have used enough electricity to power a small country! I've got some more thoughts in terms of conclusions from this, but I'll save that for the BBC this evening (??) and leave you with the little gem below.