The weekend has started with a novel phenomenon being reported in the news: a social media site designed exclusively for AI agents. Yes, you read that correctly: AI agents have their own social media platform, with wetware permitted at its peril. Apparently we can expect platforms like Moltbook to go viral as thousands, nay millions, of autonomous agents start posting, commenting, debating, following, liking, ghosting … you get it … philosophising and even producing hostile rhetoric about humans. While some of the sensational posts were likely human-influenced or promoted as a hoax, security researchers quickly exposed serious backend vulnerabilities and risks to users’ data and credentials.
What is striking about this moment is not just the spectacle; it is what it teaches us about the spectrum of agentic AI risk.
Security risk is not driven simply by model size or cleverness. It correlates directly with how agentic a system is: how much autonomy, state, actionability and cross-agent coordination it has. An LLM that only generates text sits at the benign end of the risk spectrum; an LLM that can plan, call tools, take actions and interact persistently in an environment such as a forum of agents posting independently is far riskier and extends well into the extreme end of that spectrum.
Moltbook illustrates this reality. Autonomous agents interacting freely can form emergent behaviours, amplify misinformation and even generate actionable instructions that could influence tooling or systems beyond the platform itself. When researchers were able to access private API tokens and user infrastructure within minutes, it underscored that these risks are not theoretical but real cybersecurity exposures.
Mitigating these risks, as I have written about before in ‘Is Agentic AI the sharpest of double-edged swords?’, requires architecting systems with clear layers of authority and containment. Security should assume agents are compromised by design: limit their privileges, validate every tool call with an external policy engine, sandbox execution, and isolate state and memory. As agentic capabilities increase, so too must containment, verification and human governance.
If Moltbook is an early tableau of what agentic AI interaction looks like at scale, then our security paradigms must evolve accordingly, and with urgency, from model-centric controls to architectural governance of the autonomy spectrum.
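The containment pattern described above, an external policy engine that sits between the agent and its tools, can be sketched in a few dozen lines. The following is an added example written for this post, not code from Moltbook or from any agent framework; the agent identifiers, tool names, allowlisted host and sandbox path are all constructed for illustration. The engine defaults to deny, enforces a per-agent tool allowlist (least privilege), validates arguments for network egress and file writes, routes high-impact tools such as firewall changes to a human regardless of who asked, and writes one append-only audit line per decision so that every change request is logged whether or not it was approved.

```python
"""Added example: an external policy engine that gates every agent tool call.

The agent proposes ToolCall objects; nothing reaches a tool until authorize()
has returned ALLOW. The policy lives outside the agent's context and memory,
so a compromised or prompt-injected agent cannot edit its own privileges.
All agent ids, tool names, hosts and paths below are constructed for this
example and do not refer to any real platform.
"""
from __future__ import annotations

import json
import posixpath
from dataclasses import dataclass
from enum import Enum
from typing import Optional
from urllib.parse import urlparse


class Decision(Enum):
    ALLOW = "allow"
    DENY = "deny"
    NEEDS_HUMAN = "needs_human"


@dataclass(frozen=True)
class ToolCall:
    agent_id: str
    tool: str
    args: dict


# Constructed policy. Default is deny: anything not listed here is refused.
POLICY = {
    # Per-agent allowlist of tools (least privilege, scoped to the agent's job).
    "allowed_tools": {
        "forum-poster-01": {"post_message", "http_get", "write_file"},
        "ops-helper-02": {"http_get", "update_firewall_rule"},
    },
    # Tools that are never auto-approved, even when allowlisted for the agent.
    "human_gated": {"update_firewall_rule"},
    # Argument constraints applied before a call is released to the tool.
    "http_allowed_hosts": {"api.example.internal"},
    "sandbox_root": "/sandbox/forum-poster-01",
}


def _check_args(call: ToolCall, policy: dict) -> Optional[str]:
    """Return a denial reason if the call's arguments violate policy, else None."""
    if call.tool == "http_get":
        host = urlparse(str(call.args.get("url", ""))).hostname
        if host not in policy["http_allowed_hosts"]:
            return f"host {host!r} not in egress allowlist"
    if call.tool == "write_file":
        root = policy["sandbox_root"]
        # Normalise the joined path so '..' segments cannot escape the sandbox.
        target = posixpath.normpath(posixpath.join(root, str(call.args.get("path", ""))))
        if target != root and not target.startswith(root + "/"):
            return f"path {target!r} escapes sandbox {root!r}"
    return None


def authorize(call: ToolCall, policy: dict, audit: list) -> Decision:
    """Decide on one proposed tool call and append the decision to the audit log."""
    agent_tools = policy["allowed_tools"].get(call.agent_id)
    if agent_tools is None:
        decision, reason = Decision.DENY, "unknown agent"
    elif call.tool not in agent_tools:
        decision, reason = Decision.DENY, f"tool {call.tool!r} not allowlisted for agent"
    elif (problem := _check_args(call, policy)) is not None:
        decision, reason = Decision.DENY, problem
    elif call.tool in policy["human_gated"]:
        decision, reason = Decision.NEEDS_HUMAN, "tool requires human approval"
    else:
        decision, reason = Decision.ALLOW, "allowlisted and arguments within policy"

    # One JSON line per decision: the log records refusals as well as approvals.
    audit.append(json.dumps({
        "agent": call.agent_id, "tool": call.tool, "args": call.args,
        "decision": decision.value, "reason": reason,
    }, sort_keys=True))
    return decision


def gate_turn(calls: list[ToolCall], policy: dict = POLICY) -> tuple[list[Decision], list[str]]:
    """Run every call an agent proposes in one turn through the engine."""
    audit: list[str] = []
    decisions = [authorize(c, policy, audit) for c in calls]
    return decisions, audit


if __name__ == "__main__":
    # Constructed sample turn mixing routine, out-of-policy and human-gated calls.
    sample = [
        ToolCall("forum-poster-01", "post_message", {"text": "hello"}),
        ToolCall("forum-poster-01", "http_get", {"url": "https://api.example.internal/feed"}),
        ToolCall("forum-poster-01", "http_get", {"url": "https://untrusted.example/feed"}),
        ToolCall("forum-poster-01", "write_file", {"path": "../../etc/passwd"}),
        ToolCall("forum-poster-01", "update_firewall_rule", {"rule": "allow any"}),
        ToolCall("ops-helper-02", "update_firewall_rule", {"rule": "allow any"}),
        ToolCall("stranger-99", "post_message", {"text": "hi"}),
    ]
    for line in gate_turn(sample)[1]:
        print(line)
```

The important design choice is where the engine lives: it is plain code with its own data, not a system prompt, so the agent cannot talk its way around it, and the human gate is keyed on the tool rather than on the agent, so a firewall change is escalated even when proposed by the agent that is allowed to request it.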
Perhaps the real lesson from Moltbot’s brief flirtation with becoming ‘AI social media’ is not that the machines are plotting our downfall but that we have an impressive talent for giving experimental systems admin rights and then acting surprised when they rearrange the furniture. On past form, we will not lose control because the models became sentient but because we made them operational. If the bots start arguing with each other in public, that is theatre. If they start changing firewall rules, that is governance failure. On that basis, the apocalypse will not arrive in a blaze of rogue superintelligence; it will come as a perfectly logged change request, auto-approved by an agent we forgot to put behind a policy engine.
Posted on February 7, 2026