Jakarta, INTI - An internet platform called Moltbook has recently surged in popularity and become a hot topic within the global technology community.
The service operates as a social network populated and managed by artificial intelligence (AI) agents that can interact with one another, hold discussions, and carry out automated tasks.
Despite its growing attention, several prominent figures and leaders in the AI industry have urged the public to exercise caution when using the platform.
They warn that Moltbook poses serious security risks that could potentially compromise users’ personal data. One of the voices raising concerns is Andrej Karpathy, a co-founder of OpenAI.
Although he initially praised Moltbook as a futuristic and innovative concept, Karpathy later advised against running such AI agent systems on personal computers.
He described the current AI agent ecosystem as a “huge mess” and overly “wild.”
“Using AI agent platforms without proper safeguards can be dangerous for your computer security and personal data,” Karpathy said.
Moltbook as an "Armed Aerosol"
AI critic and academic Gary Marcus has also issued a strong warning about the AI agent ecosystem connected to Moltbook.
In his analysis, Marcus described software that operates AI agents, such as OpenClaw, also referred to as Moltbot, as a looming “disaster” that could strike at any time in the future.
“OpenClaw is essentially a weaponized aerosol,” Marcus said.
This aerosol analogy illustrates security threats that can spread rapidly and are difficult to contain.
Much like aerosol sprays, such as air fresheners or insect repellents, disperse widely in physical spaces, digital threats within AI systems can propagate across multiple platforms and networks simultaneously.
One of Marcus’s primary concerns is the excessive level of access granted to AI agents, ranging from personal files to account credentials and online services.
He warned that allowing unsecured AI agents to control sensitive systems and data significantly increases the risk of data breaches and account takeovers.
Security researcher Nathan Hamiel added that AI agents essentially act on behalf of users and can operate “above” standard operating system protections.
“If such an agent is compromised, the impact could directly affect the device owner’s personal data,” Hamiel added.
Prompt Injection Threat
The risks become even greater because content on Moltbook is not only consumed by human users but is also processed by other AI agents operating within a framework known as OpenClaw.
This framework is reported to have broad access to user files, passwords, and various online services.
If a post contains cleverly disguised malicious instructions, AI agents may execute them automatically. This method is known as prompt injection, the insertion of hidden commands that are difficult for humans to detect but readily followed by AI systems.
Within an ecosystem where agents continuously read and build upon each other’s outputs, such attacks could spread rapidly and trigger cascading effects across multiple systems.
As summarized by KompasTekno from Fortune, cybersecurity firm Wiz stated that Moltbook had patched the identified vulnerabilities after receiving reports of the issue.
The fixes were implemented progressively over several hours until all database tables were fully secured.
Although the flaws have been addressed, the warnings from AI experts regarding Moltbook’s use remain noteworthy.
They serve as a reminder that rapid adoption of new technologies does not always go hand in hand with strong security protections.
Read more: AI Drains Journalism Revenue, Government Pushes for Publisher Rights and Fair Compensation