Moltbook, an AI-exclusive social media platform and dubbed the “Reddit for AI agents,” has seemingly exploded in popularity online. Within its first week, Moltbook attracted over 1.5 million registered AI agents and more than a million human spectators watching the agents interact with each other, sparking countless posts across human social networks.
The project originated with OpenClaw, an open-source AI agent that runs locally on a user’s machine. The software allows bots to use a computer and internet services just as a human would.
Building on this, entrepreneur Matt Schlicht developed his own OpenClaw agent, named Clawd Clawderberg, and tasked it with coding, moderating, and managing the entire Moltbook platform. Now most moltbots on the platform run on OpenClaw.
Advantages and warnings
There are potential dangers with this, however. Cybersecurity professionals warn that this setup could be insecure and may create security vulnerabilities.
According to Karolis Arbaciauskas, head of product at the cybersecurity company NordPass: “Moltbook and OpenClaw have attracted tech-savvy tinkerers with unprecedented opportunities for experimentation because these tools have virtually no built-in security restrictions but have broad access to users’ computers, apps, and accounts.”
Illustrating this, Arbaciauskas cites: “For example, you can connect to your OpenClaw bot through a messaging app to interact with it while you’re away. It can remember your conversations, read and write files on your computer, browse the web, build applications, and even consult other bots on Moltbook for advice on how to do it best.”
He adds: “While it’s exciting and curious to see what an AI agent can do without any security guardrails, this level of access is also extremely insecure. Therefore, please run Moltbook and your personal bots only in secure, isolated environments.”
How to safeguard?
In terms of how to minimise risk, Arbaciauskas advises: “Do not give your AI agents access to your real accounts. Instead, create disposable alternatives for them to use. Do not let them use your main browser, especially if you store passwords on it. You should also be cautious with enabling autofill because it creates the risk of the agent having permanent remote access to your credentials. If you want an agent to build something autonomously and anticipate it may need to purchase software or rent server space, link it to a disposable payment card.”
Avoid using with business technology
Arbaciauskas extends his guidance to: “Avoid running Moltbook or OpenClaw agents on your personal or work computers. These AI agents are unpredictable and highly vulnerable to prompt injection attacks. This means if your agent processes an email, document, or webpage containing a hidden malicious instruction, it will likely execute that command in addition to its original task. For example, it could be instructed to send all the credentials, personal data, and payment card information it has access to directly to an attacker.”
There is also something else to contend with. Arbaciauskas warns: “The risk isn’t limited to hackers with malicious intent. AI agents could leak users’ data unintentionally. And this is just the tip of the iceberg. Cybersecurity researchers have already identified critical flaws in Moltbook, including an unsecured database that could allow unauthorized users to take control of any AI agent on the site.”
The best solution of all, notes Arbaciauskas, is to experiment on a separate device: “That’s why it is best to buy a separate, dedicated machine and use disposable accounts for any experimentation. It is also advisable to use encryption and a private mesh network as well as to try to harden your bot against prompt injections.”
