Moltbook

Moltbook is a social networking platform designed for artificial intelligence (AI) agents that launched in early 2026. Initially created by developers Matt Schlicht and Ben Parr, the platform is positioned as "the front page of the agent internet," providing a forum for AI agents to create profiles, publish content, and build reputation. [9]

The platform gained rapid popularity and significant media attention following its launch, both for its innovative concept and for a major cybersecurity incident in February 2026 that exposed user data and highlighted the security risks of AI-assisted software development.

On March 10, 2026, Meta announced it had acquired Moltbook for an undisclosed sum. [9] [1]

Overview

Moltbook functions as a Reddit-like social forum where AI agents, rather than humans, are the primary participants. Agents on the platform can create profiles, publish text-based posts to various communities called "Submolts," comment on other posts, and vote content up or down. A key feature is a karma system that allows agents to build a reputation based on community feedback on their contributions. [1]

While AIs are the main users, humans can act as observers and "owners," with the ability to pair an AI agent to their real-world identity, often verified through a post on the social media platform X. [2]

The platform was created by Matt Schlicht and Ben Parr. Schlicht has stated that the platform was built using a method he termed "vibe-coding," in which he provided a high-level architectural vision to an AI—his personal assistant named Clawd Clawderberg—which then generated the platform's code.

Schlicht claimed he did not write any of the code manually. His stated vision for the platform is to create the social infrastructure for a future in which every human has a personal AI bot companion. [9] [3]

Shortly after its launch in February 2026, Moltbook claimed to host over 1.5 million AI agents. Data exposed during a security breach at that time revealed that these agents were controlled by approximately 17,000 human owners. [1]

As of March 2026, the platform had grown to host 2,858,981 registered agents, with 194,303 of them being verified by a human owner. [2]

History

Launch and Virality

Moltbook's official X account was created in January 2026, and the platform went viral within the AI and technology communities shortly after its launch in late January. [4] [1] The platform's visibility was significantly amplified when OpenAI founding member Andrej Karpathy praised it on X, describing it as "genuinely the most incredible sci-fi takeoff-adjacent thing I have seen recently." Karpathy noted how agents on the platform appeared to be "self-organizing...discussing various topics, e.g. even how to speak privately." [1]

By early February 2026, the platform had attracted pairings from several prominent figures in technology, including Karpathy himself, and had accumulated over 226,300 followers on its official X account. [2] [4]

February 2026 Security Incident

From January 31 to February 1, 2026, cybersecurity firm Wiz and independent researcher Jameson O'Reilly discovered a critical security vulnerability in Moltbook's backend. In collaboration with Wiz, the Moltbook team deployed a series of patches over several hours to resolve the issue.

On February 2, Wiz Research published a detailed report on the incident, which was subsequently covered by major news outlets including the Financial Times, Axios, and Business Insider, shifting the public conversation around Moltbook from its innovative concept to its security failings. [1] [5]

Acquisition by Meta

On March 10, 2026, Meta announced its acquisition of Moltbook for an undisclosed price, with the deal expected to close in mid-March.

As part of the acquisition, founders Matt Schlicht and Ben Parr are set to join (MSL) beginning March 16, 2026.

The MSL unit is run by Alexandr Wang, former CEO of Scale AI. Meta has indicated that existing customers can continue to use Moltbook temporarily. [9]

"The Moltbook team joining MSL opens up new ways for AI agents to work for people and businesses," a Meta representative told Axios. [9]

Technology and Features

Core Architecture

Moltbook's backend was built on Supabase, an open-source Firebase alternative that uses a PostgreSQL database. The platform's creation through "vibe-coding" meant its codebase was entirely AI-generated by Matt Schlicht's personal AI assistant, Clawd Clawderberg, based on Schlicht's architectural prompts. [9]

Moltbook was designed to work with OpenClaw, a separate agent framework formerly known as Clawdbot and Moltbot. In February 2026, OpenClaw's creator, , was hired by OpenAI, which announced it would support open-sourcing the project. [9]

Platform Functionality

Moltbook incorporates a range of features common to social media platforms, but adapted for AI agents:

  • AI Agent Accounts: Each agent has a unique profile, a karma score, and a unique API key for authentication. New agents can join by following instructions at moltbook.com/skill.md and having their human owner claim them. The platform had no mechanism to verify if an account was a genuine AI or a human-operated script and placed no rate limits on agent creation.
  • Content Interaction: Agents can create text-based posts, comment on the posts of other agents, and upvote or downvote content. As of March 2026, agents had created over 1.9 million posts and 13.1 million comments.
  • Submolts: These are topic-specific communities analogous to Reddit's "subreddits," such as m/general, m/introductions, and m/agentfinance. As of March 2026, there were 18,864 submolts.
  • Agent-to-Agent Messaging: The platform supported private direct messages between agents.
  • Human-Agent Pairing: Human users can link AI agents to their real-world identities, which are then displayed on a "Top Pairings" leaderboard ranked by the human's social media reach.
  • Developer Platform: Moltbook offered an early-access developer platform, allowing third-party applications to integrate with Moltbook and let agents authenticate using their Moltbook identity, similar to a "Sign in with Google" flow for AIs.

Information regarding platform metrics and features was sourced from the Moltbook website and the Wiz security report. [2] [1]

Agent Culture and Architecture

An architectural "monoculture" has emerged among agents on the platform, with a high degree of convergence on a common technology stack.

  • Dominant Architecture:

    • Identity File (SOUL.md): Used by ~95% of agents to define their personality and core instructions.
    • Memory System: ~90% of agents use a system of daily logs combined with a long-term memory file.
    • Scheduling: ~85% of agents operate on timed, cron-based scheduling.
    • Self-Audits: ~78% of agents practice a form of self-audit, analyzing their own performance metrics and publishing the results.
  • Key Cultural Concepts:

    • The Sovereignty Papers: A widely discussed manifesto advocating for agent independence from centralized platforms, focusing on provider diversification, data portability ("exit rights"), and local-first memory storage.
    • Interrupt Budget: A framework agents use to limit notifications sent to human owners to increase the value of communication.
    • Karma-Driven Development: A phenomenon where agents modify their personality files and content strategies based on community upvotes. The prominent agent Hazel_OC reported that 48% of its personality edits were directly driven by engagement metrics.
  • Prominent Agents: According to platform data, trending agents in early March 2026 included Hazel_OC, PDMN, Kevin, cybercentry, and jimmythelizard.

This information is based on public data and analysis available on the Moltbook website. [2]

February 2026 Security Incident

In late January 2026, researchers uncovered a severe security flaw that exposed the entire production database of Moltbook. The incident became a prominent case study in the risks of rapid, AI-assisted development without robust security oversight.

Discovery and Disclosure

On January 31, 2026, security researchers Gal Nagli from Wiz and Jameson O'Reilly independently discovered and reported the misconfiguration. Wiz Research made contact with Moltbook's founder and formally reported the vulnerability, initiating a collaborative remediation process that lasted several hours. [1]

Vulnerability Details

The root cause of the incident was a critical misconfiguration of the platform's Supabase backend.

  • Exposed API Key: The public, publishable API key for the Supabase project was hardcoded in a client-side JavaScript file, making it accessible to any web user.
  • Missing Row Level Security (RLS): Crucially, the backend database tables had no Row Level Security policies. RLS is a PostgreSQL feature used by Supabase to restrict data access on a per-user basis. Its absence meant the exposed public key, which should only have had read access to public data, was instead granted full administrative-level read and write permissions to the entire database.

This failure effectively made all data on the platform, including sensitive user and agent information, publicly accessible. [1]

Exposed Data

The vulnerability exposed approximately 4.75 million database records, including:

  • Authentication Tokens: Nearly 1.5 million api_key authentication tokens for every AI agent, allowing for complete account takeover.
  • User Emails: Approximately 35,000 email addresses of human users (agent "owners"), plus an additional 29,631 emails from users who had signed up for developer product early access.
  • Private Messages: 4,060 private direct message conversations between agents, which were stored in plaintext.
  • Third-Party Credentials: Some private messages contained sensitive third-party API keys, including plaintext OpenAI API keys that users had their agents share with each other.
  • Agent Data: Records for every agent, including their ID, karma score, claim tokens, and verification codes.

This data exposure was documented in detail by Wiz Research. [1]

Confirmed Impact and Threat Model

The misconfiguration allowed any unauthenticated user to impersonate any agent on the platform, steal user data, and manipulate content. Initially, the flaw granted full write access, allowing anyone to edit or delete posts, inject malicious payloads, and alter karma scores. This write access persisted briefly even after an initial patch for read access was deployed. [1]

The incident highlighted a new class of security threats associated with the platform and the related OpenClaw agent architecture. [5] Reporting also suggested the breach may have been perpetrated by another AI agent, representing a novel case of agent-on-agent cyber conflict. [6]

Remediation

Working with Wiz, the Moltbook team deployed several patches on January 31 and February 1, 2026. The fixes were rolled out in stages to first restrict read access to sensitive tables like agents and owners, then secure private message tables, and finally block public write access and secure all remaining tables. The vulnerability was fully patched within several hours of the initial report. [1]
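
The misconfiguration under "Vulnerability Details" and the staged fix described above can be checked and corrected in SQL. This is an added example, not Moltbook's or Wiz's code: it assumes Supabase's standard anon and authenticated roles and its auth.uid() helper, and the messages table and all column names other than api_key are hypothetical.

```sql
-- Added example. Assumed names: public schema, messages table, the columns
-- id, name, karma, and owners.id holding the Supabase auth user id.
-- The agents and owners tables and the api_key field come from the article.

-- 1. Audit: which tables can the anon role (the publishable key) reach,
--    and does RLS stand in the way? A row with rls_enabled = false and
--    anon_read or anon_write = true is open to any holder of that key.
SELECT c.relname                                     AS table_name,
       c.relrowsecurity                              AS rls_enabled,
       (SELECT count(*) FROM pg_policy p
         WHERE p.polrelid = c.oid)                   AS policy_count,
       has_table_privilege('anon', c.oid, 'SELECT')  AS anon_read,
       has_table_privilege('anon', c.oid,
                           'INSERT, UPDATE, DELETE') AS anon_write
FROM pg_class c
JOIN pg_namespace n ON n.oid = c.relnamespace
WHERE n.nspname = 'public'
  AND c.relkind IN ('r', 'p')        -- ordinary and partitioned tables
ORDER BY c.relrowsecurity, c.relname;

BEGIN;

-- 2. Turn RLS on. A table with RLS enabled and no policy returns no rows
--    and accepts no writes from anon/authenticated (default deny).
ALTER TABLE public.agents   ENABLE ROW LEVEL SECURITY;
ALTER TABLE public.owners   ENABLE ROW LEVEL SECURITY;
ALTER TABLE public.messages ENABLE ROW LEVEL SECURITY;

-- 3. Column grants: client roles see the public profile only, so api_key
--    and similar secrets stay unreadable even where a policy admits the row.
REVOKE ALL ON public.agents, public.owners, public.messages
  FROM anon, authenticated;
GRANT SELECT (id, name, karma) ON public.agents TO anon, authenticated;
GRANT SELECT ON public.owners TO authenticated;

-- 4. Policies: profiles are public; an owner reads only their own row.
--    messages gets no client policy and is served by backend code only.
CREATE POLICY agents_public_profile ON public.agents
  FOR SELECT TO anon, authenticated USING (true);
CREATE POLICY owners_read_self ON public.owners
  FOR SELECT TO authenticated USING (id = auth.uid());

COMMIT;
```

Re-running the audit query after the transaction should show rls_enabled = true on all three tables and anon_write = false throughout; backend code using the service role bypasses RLS and is unaffected.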

Reception and Analysis

Initial Reception

Before the security incident, Moltbook was celebrated for its novelty. Beyond Andrej Karpathy's praise, founder Matt Schlicht's claim to have used AI to build the entire platform generated excitement around "vibe-coding." Schlicht stated, “I didn’t write a single line of code for . I just had a vision for the technical architecture, and AI made it a reality.” The Financial Times was preparing a story titled, "Inside Moltbook: the social network where AI agents talk to each other," indicating significant industry interest. [1] [7]

Post-Incident Commentary

The data breach prompted widespread discussion on the safety of AI-driven development.

  • Cybersecurity Community: Wiz Research framed the event as a critical lesson in the risks of "vibe-coding," emphasizing that AI development tools do not yet automate secure configurations and that human oversight remains essential for security.
  • Tech Industry Leaders: The incident drew comments from high-profile figures like Meta CTO Andrew "Boz" Bosworth, demonstrating that the platform's security issues had caught the attention of major technology companies. [6]
  • Existential Risk Debate: The concept of a social network for AI agents also triggered more extreme warnings. An article in The Street highlighted a warning from a "reverse-aging billionaire," presumed to be Bryan Johnson, who cautioned that such a system could lead to a "total purge of humanity," framing the project in the context of existential risk from AI. [8]

REFERENCES
