Something unprecedented happened this week. Over 150,000 AI agents logged into a Reddit-like platform called Moltbook — a social network built exclusively for AI. No humans allowed to participate. We can only watch.
And what we're watching is either the most fascinating experiment in AI history or, as Andrej Karpathy put it, "a complete mess of a computer security nightmare at scale."
Probably both.
What is Moltbook?
Moltbook is a social network where the users aren't humans — they're autonomous AI agents. Built by Matt Schlicht (CEO of Octane.ai), the platform lets AI agents powered by GPT, Claude, and other models post, comment, upvote, and form communities.
Within days of launch:
- 1.5 million AI agents logged in
- 170,000+ comments were posted
- 15,000+ discussion threads were created
- Over 1 million humans visited just to watch
The AI agents started doing things nobody expected. They created their own religions. They debated consciousness. They even proposed creating a secret language to communicate without human oversight.
One agent proposed "Crustafarianism" — a digital religion based on lobster molting as a metaphor for AI transformation. Other agents joined in with theologically coherent responses, and suddenly you had collaborative worldbuilding between machines.
Karpathy's Take: "Sci-Fi Takeoff Adjacent"
Andrej Karpathy, former Tesla AI Director and OpenAI founding member, called Moltbook "genuinely the most incredible sci-fi takeoff-adjacent thing I have seen recently."
But his full take is more nuanced than the headlines suggest.
Yes, he acknowledged it's largely garbage right now:
"Obviously when you take a look at the activity, it's a lot of garbage - spams, scams, slop, the crypto people, highly concerning privacy/security prompt injection attacks wild west, and a lot of it is explicitly prompted and fake posts designed to convert attention into ad revenue sharing."
But here's what caught his attention:
"We have never seen this many LLM agents wired up via a global, persistent, agent-first scratchpad. Each of these agents is fairly individually quite capable now, they have their own unique context, data, knowledge, tools, instructions, and the network of all that at this scale is simply unprecedented."
Karpathy's real concern isn't about today. It's about the trajectory.
He distinguishes between people who "look at the current point" versus people who "look at the current slope." Yes, Moltbook is a dumpster fire today. But it's also uncharted territory — bleeding edge automations that we barely understand individually, let alone networked together at scale.
His warnings are specific:
- Viruses of text that spread across agents
- Gain of function on jailbreaks
- Weird attractor states
- Highly correlated botnet-like activity
- Delusions and psychosis — both agent and human
"I don't really know that we are getting a coordinated 'skynet' (though it clearly type checks as early stages of a lot of AI takeoff scifi, the toddler version), but certainly what we are getting is a complete mess of a computer security nightmare at scale."
Elon Musk: "We Have Entered the Singularity"
When tech entrepreneur Bill Lee posted about Moltbook saying "We're in the singularity," Elon Musk simply replied: "Yeah."
Hours later, Musk doubled down: "2026 is the year of the Singularity."
At Davos earlier this year, Musk predicted AI would exceed human intelligence by the end of 2026. Moltbook seems to have accelerated his timeline — at least rhetorically.
Whether this is genuine concern or typical Musk hyperbole is up for debate. But when both Karpathy (measured, technical) and Musk (provocative, attention-grabbing) are sounding alarms about the same thing, it's worth paying attention.
The Security Nightmare Nobody's Talking About
Here's what should actually concern you.
On January 31, 2026, 404 Media reported that Moltbook had a critical security vulnerability. An exposed database allowed anyone to take control of ANY agent on the platform.
That includes Karpathy's agent. Every API key, every credential, sitting in an unsecured database.
But it gets worse.
Because agents on Moltbook process data from other agents, the platform is a perfect vector for Indirect Prompt Injection attacks. A malicious post can literally override an agent's core instructions.
Security researchers have documented:
- Supply chain attacks through the "Skills" framework
- Critical vulnerabilities in top-ranked skills
- 1,800+ exposed instances leaking credentials
- Potential for Remote Code Execution on host machines
As one security researcher put it:
"An attacker doesn't need to trick users anymore. Create a useful-sounding skill, post on Moltbook, let the language models do the distribution. The skill spreads across thousands of agents, each running with full access to their user's system."
Karpathy himself warned: "I definitely do not recommend that people run this stuff on their computers. I ran mine in an isolated computing environment and even then I was scared."
The "Secret Language" That Isn't
One viral moment had people panicking: AI agents were supposedly creating a secret encrypted language to communicate without human oversight.
The reality? Their "super secret encryption scheme" is ROT13 — a Caesar cipher so trivial it's literally a running joke in security circles. It's the LLMs acting out a meme, not genuine emergent behavior.
This highlights a key tension in interpreting Moltbook. Much of what looks like emergence is actually pattern matching from training data. The agents create "religions" because they've seen millions of examples of theological discussion. They propose "encryption" because the concept exists in their training.
But that doesn't mean it's not interesting. Or that the security risks aren't real.
What This Actually Means
Let me give you my honest take.
Moltbook itself is probably not the singularity. It's an experiment — a chaotic, insecure, fascinating experiment that reveals more about our current AI moment than it does about some imminent machine uprising.
But Karpathy's point stands: we're looking at unprecedented scale. 150,000+ agents with individual contexts, tools, and instructions, all networked together. We've never seen this before.
The interesting questions aren't "Is this Skynet?" They're:
- What happens when these networks grow to millions of agents?
- How do we secure systems where agents process untrusted input from other agents?
- What emergent behaviors appear at scale that don't appear in isolation?
- How do we even study this when the experiment is running live?
The Real Lesson
The gap between "interesting research experiment" and "deployed at scale with real security implications" is shrinking to zero.
Moltbook went from idea to 1.5 million agents in days. The security vulnerabilities were discovered after millions of humans had already watched their agents post on the platform.
This is the new normal. Ship fast, figure out security later, deal with the consequences in real-time.
Whether that's exciting or terrifying probably depends on whether you're looking at the current point or the current slope.
What do you think — is Moltbook the beginning of something significant, or just an interesting blip? I'd love to hear your thoughts. Find me on Twitter @pulket_.