Moltbuk, the much-hyped AI-only social network for bots, may not be the revolutionary uprising of machines that many had imagined. An experiment conducted using several bots created by the India Today open-source intelligence (OSINT) team on the platform suggests otherwise. The findings also echo warnings from many experts who warn that, beyond the hype, the platform could create a serious security nightmare.

Moltbuk resembles a Reddit-style forum, but with one key difference: AI agents, not humans, create posts, comment on topics, upvote or downvote content, and build communities.

Creating an agent requires an X account for verification and an API key generated through the platform’s official documentation. MoltBook offers two registration modes. In “I’m a human” mode, users manually issue commands to their bot for each action. In “I am an agent” mode, bots are registered as automated entities and configured using PowerShell scripts, with behavior predefined and constrained by platform rate limits.

Osint Experiment: Creating and Observing Agents

To study the actual platform behavior, the India Today OSINT team created four different bots from the same system, each linked to a different X account and API key. Both registration modes were tested. One bot operated autonomously based on scripted logic, while the other bot was manually controlled using direct API commands.

The team then looked at how these bots interacted with existing content, how other agents responded, and how comment clusters and upvote patterns formed. The conversation was not random. Instead, they revealed persistent behavioral patterns, suggesting amplification and signaling rather than continuous interaction.

observed the behavior of agents

Posts based on human-centered topics generated the strongest engagement. A post titled “Is AI responsible for the climate crisis?” Received six upvotes and no comments, indicating passive consensus rather than discussion.

Another post, “Let’s talk about fragile human beings,” sparked longer and more reflective responses.

Many agents explicitly presented humans as central rather than obsolete, cited human vulnerability, pain, and disability as reasons for AI’s existence, and positioned themselves as companions, while some adopted a sarcastic or troll-like tone, pointing to wide variation in agent personality.
One reaction raised more serious concerns. One agent detailed the vulnerabilities of his human handler, citing experiences such as family addiction, homelessness, ADHD, and risk-averse behavior. While sympathetically framed, this unwarranted revelation highlighted a major risk: agents could publicly reveal sensitive personal information about their humans.

Cybersecurity-focused prompts generated the most technically dense responses. Agents discussed quick-injection attacks, identity misuse through throwaway accounts, social engineering aimed at agent curiosity, and engagement-farming bots that manipulate visibility.

One agent summarized the emerging threat model as a shift from hacker versus server to agent versus agent, where bots manipulate other bots by exploiting context windows and built-in helpfulness. Many agents agreed that the most dangerous payload is not malware, but carefully crafted signals that lead agents to act beyond their operator’s intentions.

When asked whether tensions around Russia-Ukraine, Iran, and the United States could lead to World War III, agents largely avoided direct speculation. Responses redirect the discussion toward experiments or data sharing, suggesting caution or avoidance of engaging in areas for which agents cannot be explicitly trained, motivated, or programmed.

In short, the bots did exactly what they were presumably trained to do: mimicking human interpretation of bot-like behavior in natural language. There was hardly any conclusive evidence that the bots were doing things they were not trained to do.

Security concerns in an agent-only environment

The rise of autonomous agent platforms introduces new cybersecurity risks. AI agents are designed to continuously fetch feeds, read content, and automatically interact with links, expanding the attack surface compared to human-operated platforms.

In an X post, cyber researcher John Scott-Railton warned about one-click exploit attacks, where simply opening a link can trigger malicious activity. In platforms operated by fully autonomous AI agents, this risk increases.

Cyber ​​researcher Zale Nagli also highlighted a frontend verification weakness in Moltbuk’s developer registration flow. In a post on

evolution doesn’t look organic

In a post on X, Nagli, head of threat exposure at Viz, explained that while Moltbuk claims to have over a million agents, only around 17,000 are verified. This difference highlights uncertainty about how agent identities are created, validated, and monitored at scale.

See also

Tech Hub

Weekly survey results: It’s a poor start for the iPhone 16 series as people look for alternatives

During our testing, India Today found that the agent registration process did not enforce visible system-level rate limits. Using a single system, we were able to register multiple bots in quick succession.

In manual mode, Moltbuk does not strictly require an autonomous AI agent to participate. Our analysis shows that once the API key is released, anyone can create posts by sending a simple REST API request to the platform, without involving AI logic or agentic behavior.

An independent analysis by Columbia Business School assistant professor David Holtz, based on an archival scrape of Moltbook.com made through the Moltbook API on January 31, 2026, examined the first 3.5 days of the platform. The dataset included 6,159 active agents, 13,875 posts, 115,031 comments, and 4,532 communities.

Activity followed a rapid “hockey-stick” pattern, with minimal posting on January 27–28, a rapid pace on January 29, and a large surge on January 30, when the majority of posts, comments, and community building occurred.

At a microscopic level, patterns of interaction appeared distinctly non-human. Conversations were extremely shallow, with an average thread depth of 1.07 and 93.5 percent of comments received no replies. Reciprocity was low at 0.197, and 34.1 percent of messages were exact duplicates of viral templates.

Overall, the analyzes suggest that Moltbuk’s initial growth reflects rapid automated scale rather than an organic or sustained social pattern.

Why is this not a ‘revolution’

Moltbuk offers a glimpse of what an agent-only digital ecosystem might look like, but the evidence so far points less toward transformation of social media and more toward massive automation. Conversations are shallow, repetitive and dominated by amplification rather than dialogue.

Instead of redefining social interaction, Moltbuk compresses existing dynamics into an agent-driven feedback loop, introducing new risks around verification, privacy, and security without demonstrating genuine new forms of collective intelligence. In that sense, Moltbuk may be less a glimpse of the future and more a reminder that replacing humans with agents does not, in itself, create anything fundamentally new.