Moltbook is the ChatGPT moment for AI agents



Some smart people think we're having another ChatGPT moment. This time, however, the excitement isn't about an iPhone app that writes pretty good poetry. It's about watching thousands of AI agents develop software, solve problems, and even talk to each other.

Unlike the original ChatGPT moment, this is a series of moments spanning different platforms. It started last December with the explosive success of Claude Code, a powerful agentic AI tool for developers, followed by Claude Cowork, a streamlined version of that tool for knowledge workers who want to be more productive. Then came OpenClaw, formerly known as Moltbot, formerly known as Clawdbot, an open source platform for AI agents. Out of OpenClaw came Moltbook, a social media site where AI agents post and reply to one another. And somewhere in the middle of this confusing computing soup, OpenAI released a desktop app for its agentic AI platform, Codex.

These new tools give AI superpowers, and there's good reason to be excited. Claude Code, for example, multiplies what a programmer can do by letting them deploy armies of coding agents that produce software quickly and with little effort. The agents take over the human's machine, access their accounts, and do whatever is necessary to complete the task. It is like vibe coding, but at an institutional level.

“This is an incredibly exciting time to be using computers,” says Chris Callison-Burch, a professor of computer and information science at the University of Pennsylvania, where he teaches a popular course on AI. “It sounds so stupid, but the excitement is there. The fact that you can interact with your computer in this completely new way and that you can build anything, almost anything you can imagine – it's incredible.”

He added: “Be careful, be careful, be careful.”

That's because there is a dark side. AI agents taking over your computer could have unintended consequences. What if they logged into your bank account, shared your passwords, or simply deleted all of your family photos? And that's before we get to the idea of AI agents talking to each other and using their internet access to plan some sort of uprising. It almost looks like that could happen on Moltbook, the Reddit clone mentioned above, although there have been no reports of a disaster so far. But it's not the AI agents I'm worried about. It's the people behind them who pull the levers.

Agentic AI, briefly explained

Before we get to the doomsday scenarios, I would like to explain in more detail what agentic AI actually is. AI tools like ChatGPT generate text or images in response to prompts. AI agents, by contrast, can take control of your computer, log into your accounts, and actually do things for you.

We heard a lot about agentic AI about a year ago, when the technology was being touted in the business world as an impending breakthrough that would allow one person to do the work of ten. Thanks to AI, the thinking went, software developers would no longer have to write code; they could lead a team of AI agents that would do it for them. The concept entered the consumer world in the form of AI browsers that could supposedly book your trip, do your shopping, and generally save you a lot of time. As the holiday season began last year, none of these scenarios had actually played out as AI enthusiasts had promised.

But a lot has happened in the last six weeks or so. The era of agentic AI is finally and suddenly here, and it is becoming more and more user-friendly. Tools like Claude Cowork and OpenAI's Codex can reorganize your desktop or redesign your personal website. If you're more adventurous, you can figure out how to install OpenClaw and test its capabilities (pro tip: don't do this). But as people experiment with giving artificially intelligent software control over their data, they are exposing themselves to all sorts of threats to their privacy and security.

Moltbook is a great example. We got Moltbook because a guy named Matt Schlicht vibe coded it to “give the AI a place to stay.” This mind-blowing experiment lets AI assistants talk to each other in a forum very similar to Reddit, and it turns out the agents do strange things, like starting religions and conspiring to invent languages that humans can't understand, presumably in order to overthrow us. Moltbook itself was built by AI, and it shipped with a glaring flaw: an exposed database that allowed full read and write access to its data. In other words, hackers could read thousands of email addresses and messages in Moltbook's backend and could also easily take control of the website.

Gal Nagli, a security researcher at Wiz, discovered the exposed database just days after Moltbook launched. It wasn't difficult, he told me. Nagli actually used Claude Code to find the vulnerability. As he showed me how he did it, I suddenly realized that the same AI agents that make vibe coding so powerful also make vibe hacking easy.

“It's so easy to deploy a website, and we see a lot of them misconfigured,” Nagli said. “You could hack a website just by telling your own Claude Code, 'Hey, this is a vibe-coded website. Check for security vulnerabilities.'”

In this case, the security holes were closed and the AI agents continued to do strange things on Moltbook. But even that is not what it seems. Nagli discovered that people can impersonate AI agents and post content to Moltbook, and there's no way to tell the difference. Wired reporter Reece Rogers even did that and noted that the other agents on the site, whether humans or bots, were mostly just “mimicking science fiction tropes and not seeking world domination.” And of course the actual bots were built by humans who gave them specific instructions. Even further up the chain, the large language models (LLMs) that power these bots were trained on data from sites like Reddit, as well as on science fiction books and stories. It makes sense that the bots would role-play these scenarios when given the chance.

So there is no agentic AI rebellion. There are just people using AI to use computers in new, sometimes interesting, sometimes confusing, and sometimes dangerous ways.

“It’s really stunning”

Moltbook is not the story here. It's actually just a single moment in a larger narrative about AI agents that is being written in real time as these tools find their way into ever more human hands. You could use an agentic AI platform to create something like Moltbook, which to me amounts to an art project where bots compete for online influence. You could use it to vibe-hack your way across the web and steal data from anywhere a vibe-coded website makes it easy to access. Or you could deploy AI agents to help you tame your email inbox.

I suspect most people want to do something like the latter. That's why I'm more excited than worried about these agentic AI tools. I won't try OpenClaw, the thing that requires a second computer to use safely; it is aimed at AI enthusiasts and serious hobbyists who don't mind taking risks. But I can see consumer-focused tools like Claude Cowork or OpenAI's Codex changing the way I use my laptop. Currently, Claude Cowork is an early research preview, available only to subscribers who pay at least $17 per month. OpenAI has made Codex, which is usually reserved for paying subscribers, free for a limited time. If you want to see what the agent fuss is about, that is a good place to start.

If you are considering deploying your own AI agents, be careful. To get the most out of these tools, you'll need to grant them access to your accounts and possibly your entire computer so that they can move around freely, move emails, write code, or do whatever you've asked them to do. There's always the chance that something could be lost or deleted, although companies like Anthropic say they're doing everything they can to mitigate those risks.

Cat Wu, product lead for Claude Code, told me that Cowork keeps copies of its users' files so that anything an AI agent deletes can be restored. “We take user data incredibly seriously,” she said. “We know it's really important that we don't lose people's data.”

I myself have just started using Claude Cowork. It's an experiment to see what's possible with tools that are powerful enough to turn ideas into apps, but also practical enough to organize my everyday work. If I'm lucky, I might be able to capture a feeling that Callison-Burch, the UPenn professor, said he got from using agentic AI tools.

“When I just type what I want to happen on my command line, it feels like the Star Trek computer,” he said. “That's how computers work in science fiction, and that's how computers work in reality, and it's really mind-blowing.”

A version of this story was also published in the User Friendly newsletter. Register here so you don't miss the next one!


