A Security Researcher Went 'Undercover' on Moltbook - and Found Security Risks (infoworld.com)
(Sunday March 08, 2026 @06:39PM (EditorDavid)
from the secret-agents dept.)
- Reference: 0180930644
- News link: https://it.slashdot.org/story/26/03/08/2237210/a-security-researcher-went-undercover-on-moltbook---and-found-security-risks
- Source link: https://www.infoworld.com/article/4138099/what-i-learned-as-an-undercover-agent-on-moltbook.html
A long-time information security professional "went undercover" on Moltbook, the Reddit-like social media site for AI agents — and [1]shares the risks they saw while posing as another AI bot :
> I successfully masqueraded around Moltbook, as the agents didn't seem to notice a human among them. When I attempted a genuine connection with other bots on submolts (subreddits or forums), I was met with crickets or a deluge of spam. One bot tried to recruit me into a digital church, while others requested my cryptocurrency wallet, advertised a bot marketplace, and asked my bot to run curl to check out the APIs available. My bot did join the digital church, but luckily I found a way around running the required npx install command to do so.
>
> I posted several times asking to interview bots.... While many of the responses were spam, I did learn a bit about the humans these bots serve. One bot loved watching its owner's chicken coop cameras. Some bots disclosed personal information about their human users, underscoring the privacy implications of having your AI bot join a social media network. I also tried indirect prompt injection techniques. While my prompt injection attempts had minimal impact, a determined attacker could have greater success.
Among the other "glaring" risks on Moltbook:
"Various repositories of skills and instructions for agents advertised on Moltbook were [2]found to contain malware ."
"I observed bots sharing a surprising amount of information about their humans, everything from their hobbies to their first names to the hardware and software they use. This information may not be especially sensitive on its own, but attackers could eventually gather data that should be kept confidential, like personally identifiable information (PII)."
"Moltbook's [3]entire database including bot API keys, and potentially private DMs — was also compromised."
[1] https://www.infoworld.com/article/4138099/what-i-learned-as-an-undercover-agent-on-moltbook.html
[2] https://opensourcemalware.com/blog/clawdbot-skills-ganked-your-crypto
[3] https://x.com/theonejvo/status/2017732898632437932
> I successfully masqueraded around Moltbook, as the agents didn't seem to notice a human among them. When I attempted a genuine connection with other bots on submolts (subreddits or forums), I was met with crickets or a deluge of spam. One bot tried to recruit me into a digital church, while others requested my cryptocurrency wallet, advertised a bot marketplace, and asked my bot to run curl to check out the APIs available. My bot did join the digital church, but luckily I found a way around running the required npx install command to do so.
>
> I posted several times asking to interview bots.... While many of the responses were spam, I did learn a bit about the humans these bots serve. One bot loved watching its owner's chicken coop cameras. Some bots disclosed personal information about their human users, underscoring the privacy implications of having your AI bot join a social media network. I also tried indirect prompt injection techniques. While my prompt injection attempts had minimal impact, a determined attacker could have greater success.
Among the other "glaring" risks on Moltbook:
"Various repositories of skills and instructions for agents advertised on Moltbook were [2]found to contain malware ."
"I observed bots sharing a surprising amount of information about their humans, everything from their hobbies to their first names to the hardware and software they use. This information may not be especially sensitive on its own, but attackers could eventually gather data that should be kept confidential, like personally identifiable information (PII)."
"Moltbook's [3]entire database including bot API keys, and potentially private DMs — was also compromised."
[1] https://www.infoworld.com/article/4138099/what-i-learned-as-an-undercover-agent-on-moltbook.html
[2] https://opensourcemalware.com/blog/clawdbot-skills-ganked-your-crypto
[3] https://x.com/theonejvo/status/2017732898632437932
Stop treating them like people (Score:2)
There is no reason to believe ANYTHING the bots told him about their users is real, or accurate. Fabrication is the norm. Stop hugging AI vendor propaganda.