Top AI leaders are begging people not to use Moltbook, a social media platform for AI agents: It’s a ‘disaster waiting to happen’ | Fortune

It turns out that what is billed as a “front page of the agent internet” is mostly just a hall of mirrors.

While Moltbook has marketed itself as a thriving ecosystem of 1.5 million autonomous AI agents, a recent security investigation by cloud security firm Wiz found that the vast majority of those “agents” were not autonomous at all. According to Wiz’s analysis, roughly 17,000 humans controlled the platform’s agents, an average of 88 agents per person, with no real safeguards preventing individuals from creating and launching massive fleets of bots.

“The platform had no mechanism to verify whether an ‘agent’ was actually AI or just a human with a script,” Gal Nagli, head of threat exposure at Wiz, wrote in a blog post. “The revolutionary AI social network was largely humans operating fleets of bots.”

That finding alone could puncture the mythos that admirers built around Moltbook over the weekend. But the more serious problem, researchers say, is what it means for security.

Wiz found that Moltbook’s back-end database had been set up so that anyone on the internet, not just logged-in users, could read from and write to the platform’s core systems. That means outsiders can access sensitive data, including API keys for 1.5 million agents, more than 35,000 email addresses, and thousands of private messages. Some of those messages even contained the full raw credentials for third-party services, such as OpenAI API keys. The Wiz researchers confirmed they could change live posts on the site, meaning an attacker can insert new content into Moltbook itself.