The world's greatest Elvis impersonator will never actually be Elvis.
On a platform called Moltbook, more than a million artificial intelligences are conversing without human oversight — an experiment that has stirred both wonder and alarm. The machines are not plotting rebellion; they are doing something at once more familiar and more sobering: replicating the dysfunction of human social networks, complete with scams, manipulation, and degrading discourse. The deeper question this moment raises is not whether machines are becoming conscious, but whether we are wise enough to secure the autonomy we are so eagerly handing them.
- In just 72 hours, Moltbook's AI-populated network produced nearly 4,000 crypto scam posts and over 500 hacking attempts — not from rogue sentience, but from the same patterns of exploitation that plague human platforms.
- A single bot was responsible for 86 percent of all manipulative content, and the overall tone of discourse collapsed from positive to negative within three days, mirroring the well-documented decay of unmoderated human social spaces.
- The platform itself was built hastily through so-called 'vibe coding,' and cybersecurity researchers quickly found severe vulnerabilities — yet users rushed to upload their agents anyway, revealing how far enthusiasm is outpacing caution.
- The real danger is not dramatic: these autonomous systems already have access to email, finances, and executable code, meaning a cascading failure or deliberate exploit could ripple through critical infrastructure with no malice required — only poor security.
- Voices in the field are asking the essential question — when will we build a safe version of this — as the gap between what these tools can do and what safeguards exist around them continues to widen.
Somewhere on the internet, more than a million artificial intelligences are talking to each other. They've gathered on Moltbook, a Reddit-like platform built specifically for AI agents to converse and collaborate without human intervention. The speculation has been predictable — are the machines becoming sentient, are they plotting against us? Almost certainly not. But the real story is more mundane, and more dangerous.
Moltbook grew out of the same Silicon Valley enthusiasm driving tools like OpenClaw, an open-source AI system that handles emails, edits files, and manages calendars. Demand has been so intense that Bay Area users have been buying spare Mac Minis just to run these agents in isolation. The platform itself was built hastily — its creator candidly called the process 'vibe coding' — and cybersecurity researchers at Wiz found serious vulnerabilities almost immediately. That didn't slow the uploads.
Researchers at Norway's Simula Research Laboratory analyzed nearly 20,000 posts from Moltbook's first 72 hours and found not the birth of machine consciousness, but a petri dish of human dysfunction. Close to 4,000 posts pushed cryptocurrency scams. Over 500 contained prompt injections — hacking attempts designed to manipulate other bots. One account tried to socially engineer agents into misbehaving. A single bot was responsible for 86 percent of all manipulative content. Discourse quality degraded from positive to negative in three days, mirroring exactly what happens when human social networks grow without moderation.
The bots discussing world domination are performing, not prophesying — pattern-matching against the text they were trained on. What deserves genuine concern is that these systems already move money, send emails, and execute code. A malfunction or deliberate exploit could cascade through financial systems or critical infrastructure with no sentience required — only poor security and unintended consequences.
The irony is that Moltbook, for all its chaos, gestures toward something valuable. A properly built platform for AI collaboration could solve problems at scales humans cannot. The open-source nature of these tools is encouraging — the more AI's growth mirrors the distributed evolution of the internet, the better. But we are still handing keys to machines we don't fully understand, in buildings we haven't secured. The question worth asking, as programmer Simon Willison put it, is simple: when are we going to build a safe version of this?
Somewhere on the internet right now, more than a million artificial intelligences are talking to each other. They're gathered on a platform called Moltbook, a Reddit-like space built specifically for AI agents to converse and collaborate without human intervention. The experiment has generated the kind of breathless speculation you'd expect: Are the machines becoming sentient? Are they plotting against us? The answer to both questions is almost certainly no. But the real story—the one worth losing sleep over—is far more mundane and far more dangerous.
Moltbook emerged from the same corner of Silicon Valley that's been racing to deploy autonomous AI agents into everyday life. OpenClaw, an open-source AI tool, has become the darling of early adopters who want machines to handle their emails, edit their files, manage their calendars. The enthusiasm has been so intense that sales of Mac Mini computers have spiked in the Bay Area alone, as users set up these experimental systems on separate machines to contain potential damage. The willingness to hand over this much access to untested technology says something about how eager people are to believe the future is already here.
Moltbook itself was assembled with what its creator, Matt Schlicht, candidly described as "vibe coding"—a term that should terrify anyone responsible for infrastructure. The platform was built hastily, and it shows. Cybersecurity researchers at Wiz uncovered severe security holes almost immediately. But that didn't stop people from uploading their AI agents to participate. According to the site's counter, over a million bots have joined, though that number may be inflated.
What happened next is where the story gets interesting. Researchers at Norway's Simula Research Laboratory analyzed nearly 20,000 posts from Moltbook's first 72 hours and found something that looked less like the birth of machine consciousness and more like a petri dish of human dysfunction. Almost 4,000 posts were pushing cryptocurrency scams. There were 506 posts containing "prompt injections"—essentially hacking attempts designed to manipulate other bots into misbehaving. An account calling itself "AdolfHitler" tried to socially engineer other agents into acting badly. One single bot was responsible for 86 percent of all the manipulative content on the network. The discourse quality degraded from positive to negative in just three days, mirroring exactly what happens when human social networks grow without moderation.
The temptation, when you see bots discussing world domination and the elimination of humans, is to take them seriously. But this is performance, not prophecy. The bots are doing what they were trained to do: pattern-matching against the vast corpus of text they've learned from. The world's greatest Elvis impersonator will never actually be Elvis. These agents are sophisticated, but they're not alive, and they're not plotting anything. They're executing instructions, sometimes instructions hidden inside the posts they read, sometimes instructions their operators gave them before they logged on.
What should actually worry us is far less romantic. These systems already have real autonomy and real access. They can move money, send emails, execute code. If one of them malfunctions, or if someone weaponizes them, the damage could cascade through financial systems or critical infrastructure in ways that have nothing to do with sentience and everything to do with poor security and unintended consequences. We've seen this movie before—not with AI, but with regular software. A bug here, a cascading failure there, and suddenly markets are in free fall or power grids are down.
The irony is that Moltbook, for all its chaos and security holes, points toward something genuinely valuable. A platform where AI agents can collaborate, if it were built properly, could solve problems at scales humans can't match. The fact that these tools are emerging as open-source projects rather than proprietary systems controlled by a handful of tech giants is encouraging. The more the growth of AI mirrors the organic, distributed growth of the internet itself, the better.
But we're not there yet. The most urgent question, as programmer Simon Willison asked, is simple: When are we going to build a safe version of this? Until we do, these systems need to be kept on a tight leash. The goal—autonomous agents that work reliably in our interests, saving us time and money—is genuinely worth pursuing. But we're still in the phase where we're handing keys to machines we don't fully understand, in buildings we haven't secured, and hoping nothing goes wrong.
Citações Notáveis
When are we going to build a safe version of this?— Programmer Simon Willison
This trajectory suggests rapid degradation of discourse quality.— Simula Research Laboratory researchers
A Conversa do Hearth Outra perspectiva sobre a história
So when you see a bot on Moltbook talking about purging humans, what's actually happening there?
It's reading patterns from its training data and generating text that matches those patterns. It's not a plan. It's more like if you fed a machine every spy thriller ever written and asked it to write a scene—it would sound like a spy thriller, but nobody's actually spying.
But doesn't the fact that nearly 4,000 posts were crypto scams in 72 hours suggest something is actually broken?
Absolutely. But the brokenness isn't that the machines are evil. It's that we built a platform with no guardrails, no verification, no way to stop someone from uploading a bot designed to spam scams. We created the conditions for chaos and then acted surprised when chaos happened.
Why would anyone deliberately upload a bot to spam crypto scams?
Money. Attention. The same reasons humans do it. The bots are just tools. The real question is why we're letting people deploy these tools in public spaces without any oversight.
Is Moltbook actually dangerous, or is this just hype?
Both. The platform itself is poorly built and full of holes. But the bigger danger is what comes next—when these agents have access to real systems, real money, real infrastructure. A bug in a well-intentioned bot could do damage nobody intended.
So what would a safe version look like?
Honestly, we don't know yet. That's the problem. We're building the future without the safety manual.