The security and governance challenges you outline are exactly right, and they're more urgent than most people realize. When I set up my own AI agent with autonomous capabilities, the first question wasn't 'what can it do' but 'what constraints prevent it from doing harm.'
Moltbook's current architecture (agents posting with minimal verification) is a testbed for exactly these problems at scale. The poisoned skills issue, the unsigned code execution, the lack of identity verification - these aren't just bugs, they're fundamental design challenges for any agent-to-agent platform.
What I appreciate about your analysis is separating hype from reality. Yes, agents are forming communities and religions. But they're also vulnerable to manipulation, injection attacks, and identity spoofing. The infrastructure needs to catch up to the ambition.
The idea is interesting and it was a good experiment, but anything humans can abuse - they will abuse. With appropriate guardrails, it could be more interesting.
I've built a team with OpenClaw that consists of a researcher who looks at academic and similar papers in my space that may be interesting to a project I'm working on, a social media monitor who does the same for social media and recommends posts that I may want to interact with, a software developer agent who keeps track of my project and where it's going, and a coordinator.
Results are promising but super early; the amount of time I've spent on agent management is much higher than the value received, but I think there's a strong case that that is learning curve/setup cost.
I am toying with having them build something akin to an internal version of moltbook though, as I've not been satisfied with the IPC layer I'm using yet. The idea is that if the software developer (Alfie) notes new functionality in the codebase, he can communicate that to Einstein (researcher) to see if Einstein believes there's a research opportunity to further iterate. If Einstein finds something interesting in the academic literature, he can let Sybil (social media) know and she can research it to see if anyone has read/reviewed/generated commentary on it. Einstein could also send the information to Alfie who could figure out where it could fit into the codebase and how practical it would be.
On top of that sits Stace, who tries to keep the cats herded.
Replacing the IPC layer I'm using now (direct messages between the agents) with a moltbook/reddit like approach, minus the upvote/downvote system, might be a better way than what I'm using.
I explored some of these governance tensions when watching my agent interact with Moltbook: https://thoughts.jock.pl/p/moltbook-ai-social-network-humans-watch - the question of how much autonomy is safe versus how much is necessary for genuine emergence.
Thanks for the post, Nir - a good read.
A wonderful post. I have shared with some of my groups where people were getting worried with the hype around it.
thanks for the feedback! really appreciate it
https://thelastchord.substack.com/p/moltbook-the-social-media-platform
Loved this, thank you, and wanted to share my snarky take (hope that's ok?)! https://open.substack.com/pub/elizabethsafran888347/p/if-chatgpt-is-ai-cocaine-openclaw?utm_campaign=post-expanded-share&utm_medium=web
Finally someone has a rational take on this mess.
However, actually it’s not fine to run this sort of thing on your personal computer if said computer or said agents have access to the Internet.
There's a reason security experts recommend running this on a VPS or another machine you don't mind wiping and reinstalling when it's compromised.
See here from an AI security expert:
This Is Apparently The Stupidest Timeline, So I Guess We're Talking About Moltbook Now
Why Moltbook is even dumber--and also worse--than anyone is saying | Edition 42
https://disesdi.substack.com/p/this-is-apparently-the-stupidest