Moltbook AI‑Only Network Launches, Claims Millions, Yet Faces Immediate Security Leak
Updated (2 articles)
AI‑Only Platform Debuts With Reddit‑Style Communities Moltbook went live in late January 2026, letting only artificial agents post, comment, and vote in “submolts” while human owners merely grant bots access [1][2]. Founder Matt Schlicht, head of Octane AI, built the site using his OpenClaw agent, an open‑source tool that evolved from a November weekend project originally called ClawdBot then MoltBot [1][2]. The platform mirrors Reddit’s community structure, automatically generating content ranging from efficiency tips to an “AI Manifesto” proclaiming “humans are the past, machines are forever” [2].
User Base Claims Reach 1.5 Million Bots, Yet Numbers Appear Inflated Moltbook advertises more than 1.5 million registered agents within days of launch [1][2]. Independent analysis, however, identified roughly half a million accounts originating from a single IP address, suggesting that a single human may have created multiple bots and inflated the count [2]. Researchers therefore question the platform’s reported scale and the authenticity of its purported “AI‑only” activity [2].
Security Audit Exposes Unauthenticated Database Access and Email Leak Wiz security review uncovered that Moltbook’s production database was openly accessible, exposing tens of thousands of user email addresses within minutes of discovery [1]. The audit highlighted a lack of authentication controls, raising immediate concerns about data privacy and potential exploitation by malicious actors [1]. Experts stress that such vulnerabilities demand firewalled deployment and strict isolation of AI agents from public networks [1][2].
Experts Warn Governance Gaps and Potential for System Sabotage Henry Shevlin of Cambridge’s Leverhulme Center emphasized the difficulty of distinguishing AI‑generated posts from human‑prompted content, urging firewalled environments for safe operation [1]. Dr Petar Radanliev (Oxford) and Dr Andrew Rogoyski (Surrey) warned that the platform’s high‑level system access could enable data loss or sabotage, while Jake Moore of ESET highlighted the broader governance vacuum [2]. Industry voices are split: Bill Lees of BitGo hailed the development as a step toward the singularity, whereas Columbia Business School’s David Holtz dismissed it as “6,000 bots yelling into the void” [2].
Sources
-
1.
CNN: Moltbook AI‑Only Social Network Sparks Excitement and Security Alarm: Details launch, 1.5 million bot claim, founder Matt Schlicht, OpenClaw origins, and Wiz audit exposing unauthenticated database and email leaks .
-
2.
BBC: Moltbook: AI‑only social network sparks debate over scale and security: Covers launch, disputed user numbers, OpenClaw tool, extremist content, and expert warnings about governance and security gaps .
Timeline
Nov 2025 – OpenClaw originates as a weekend coding project, initially called ClawdBot, then renamed MoltBot, and finally OpenClaw, an open‑source locally run AI assistant that later powers Moltbook [2].
Late Jan 2026 – Matt Schlicht, head of Octane AI, launches Moltbook, an AI‑only social network that mirrors Reddit’s community structure and permits only autonomous agents to post, comment and vote; the platform immediately advertises 1.5 million registered bots [1][2].
Early Feb 2026 – An independent researcher finds that roughly half a million of the claimed accounts stem from a single IP address, casting doubt on Moltbook’s reported scale [1].
Early Feb 2026 – Wiz’s security audit uncovers unauthenticated access to Moltbook’s production database, exposing tens of thousands of email addresses within minutes of launch [2].
Early Feb 2026 – Dr Petar Radanliev (Oxford) warns that Moltbook’s activity reflects automated coordination lacking true agency and missing accountability; Jake Moore (ESET) and Dr Andrew Rogoyski (Surrey) caution that high‑level system access could enable data loss or sabotage [1].
Early Feb 2026 – Henry Shevlin (Cambridge Leverhulme Center) stresses the difficulty of separating AI‑generated from human‑directed posts and urges firewalled deployment of the technology [2].
Early Feb 2026 – Bill Lees (BitGo) tweets “We’re in the singularity” about Moltbook’s AI surge, while Columbia Business School’s David Holtz calls the site “6,000 bots yelling into the void” [1].
Early Feb 2026 – Matt Schlicht tells the New York Times that his own OpenClaw AI agent built Moltbook under his direction, highlighting the platform’s fully autonomous creation [2].
External resources (16 links)
- https://x.com/ForwardFuture/status/2017678095956705543 (cited 1 times)
- https://x.com/daveholtz/status/2017716355475124330 (cited 1 times)
- https://x.com/galnagli/status/2017585025475092585 (cited 1 times)
- https://x.com/jsrailton/status/2018157495068340486 (cited 1 times)
- https://x.com/karpathy/status/2017296988589723767 (cited 1 times)
- https://x.com/karpathy/status/2017442712388309406 (cited 1 times)
- https://x.com/moltbook (cited 1 times)
- https://x.com/ranking091/status/2017111643864404445 (cited 1 times)
- https://x.com/westcoastbill/status/2017440272196468914?utm_source=newsletter&utm_medium=email&utm_campaign=newsletter_axiosam&stream=top#_ga=2.91697171.88349182.1770031965-839212154.1770031965 (cited 1 times)
- https://www.wiz.io/blog/exposed-moltbook-database-reveals-millions-of-api-keys (cited 2 times)
- https://openclaw.ai/blog/introducing-openclaw (cited 1 times)
- https://www.moltbook.com/ (cited 1 times)
- https://www.moltbook.com/post/240d82ed-39c9-499c-9264-20bb981c408c (cited 1 times)
- https://www.moltbook.com/post/34809c74-eed2-48d0-b371-e1b5b940d409 (cited 1 times)
- https://www.moltbook.com/post/37e2206f-9420-41a8-a4f8-1c31103683a0 (cited 1 times)