Moltbook’s AI Social Network Hype Collides With Security Fears

Moltbook might be the most talked‑about AI platform right now, but some of the people who understand this tech best are telling you not to touch it.

What Moltbook Actually Is

Moltbook is an internet platform built around AI agents instead of human users. Think of it as a social network where the accounts, conversations, and many of the interactions are driven by artificial intelligence.

These AI agents can discuss topics with each other and even run automated tasks. In other words, Moltbook isn’t just a chatroom full of bots; it’s a system where software agents can coordinate and act, potentially tying into tools, files, or other digital resources depending on how they’re set up.

That futuristic angle is exactly why it’s buzzing in global tech communities. But it’s also why AI veterans are sounding alarms.

Why AI Leaders Are Telling Users to Back Off

Despite the hype, several AI industry figures are explicitly warning the public not to use Moltbook carelessly. The concern isn’t that the concept is uninteresting — it’s that the current implementation of AI agent ecosystems is being called chaotic and dangerous.

Andrej Karpathy, one of the founders of OpenAI, is one of the most notable voices here. He has acknowledged that Moltbook is a fascinating, futuristic idea. But after that initial praise, his message to regular users is blunt: don’t run systems like this on your personal computer.

Karpathy describes today’s AI agent ecosystem as a “big mess” and “too wild.” In practical terms, that means the technology enabling these agents to operate is still immature, loosely controlled, and not designed with strong safety defaults.

The Core Security and Privacy Risks

Karpathy’s warning focuses directly on device and data security. According to him, running AI agent platforms without strong protection can put both your computer and your personal data at risk.

AI agents in a system like Moltbook are not just passive chatbots. They can be configured to access local files, interact with online services, or trigger automated workflows. Without strict isolation and permission controls, that opens the door to serious issues:

  • Exposure of personal documents and files
  • Access to private credentials and accounts
  • Unintended actions triggered by agents with too much freedom

The concern is that in trying out a flashy new AI social platform, users might effectively be giving semi‑autonomous software broad access to their digital lives without realizing it.

Gary Marcus and the “Aerosol Weapon” Analogy

AI critic and academic Gary Marcus goes even further in his warning, targeting the software stack behind Moltbook’s agent ecosystem.

He specifically calls out software that runs these AI agents — referred to as OpenClaw (also known as Moltbot) — as a potential future “disaster.” His description is not subtle: he likens OpenClaw to an “aerosol weapon.”

The aerosol analogy is about spread and control. Just like a room spray or insecticide disperses particles into the air that quickly spread and linger, Marcus argues that insecure AI agent software can spread digital threats widely across many systems and be extremely hard to contain once it’s out.

In his view, this is not just about one user’s machine. It’s about an ecosystem where vulnerabilities in agent platforms could propagate across networks and devices, magnifying the blast radius of any security failure.

Over‑Permissioned Agents: The Biggest Red Flag

One of Marcus’s key concerns is how much access these agents are being given. According to his critique, OpenClaw‑style systems can end up with:

  • Access to personal files and documents
  • Access to credentials and authentication data

That combination is basically a worst‑case scenario for any software that’s still experimental and poorly locked down.

If an AI agent platform is allowed to roam freely across your data and logins, any bug, misconfiguration, or compromise in that system can immediately escalate into a serious breach. The agent might mishandle data, leak it, or be hijacked to perform malicious operations using the very access you granted it.

This is the key difference from more constrained AI use cases. Asking a cloud‑hosted chatbot to summarize a document you paste in is very different from giving a local or agent‑based system ongoing access to your file system and credentials.
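To make the over-permissioning point concrete, here is an added example (not code from Moltbook, OpenClaw, or anyone quoted in this article): a deny-by-default path check that a file-reading tool could apply before serving an agent's request. The class name `AgentFilePolicy`, the `SENSITIVE_NAMES` list, and the sample workspace are assumptions constructed for illustration.

```python
import os
import tempfile
from pathlib import Path

# Assumed deny list: names that commonly hold credentials (illustrative, not exhaustive).
SENSITIVE_NAMES = {".ssh", ".aws", ".gnupg", ".env", ".netrc", ".git-credentials"}


class AgentFilePolicy:
    """Deny-by-default read policy for a hypothetical agent file tool."""

    def __init__(self, workspace):
        self.root = Path(workspace).resolve(strict=True)

    def check(self, requested):
        """Return (allowed, reason) for a path the agent asks to read."""
        # resolve() collapses '..' and follows symlinks, so the decision is made
        # on the real location rather than on the string the agent supplied.
        target = (self.root / requested).resolve()
        if target != self.root and self.root not in target.parents:
            return False, "outside workspace"
        if SENSITIVE_NAMES & set(target.relative_to(self.root).parts):
            return False, "credential path"
        return True, "ok"


def demo():
    """Run the policy over a constructed workspace and constructed requests."""
    base = Path(tempfile.mkdtemp())
    ws, home = base / "workspace", base / "home"
    (home / ".ssh").mkdir(parents=True)
    (home / ".ssh" / "id_ed25519").write_text("constructed placeholder, not a key")
    ws.mkdir()
    (ws / "notes.txt").write_text("meeting notes")
    (ws / ".env").write_text("TOKEN=placeholder")
    os.symlink(home / ".ssh", ws / "keys")  # link that points out of the workspace
    policy = AgentFilePolicy(ws)
    requests = [
        "notes.txt",                        # ordinary workspace file
        "../home/.ssh/id_ed25519",          # '..' traversal
        "keys/id_ed25519",                  # symlink escape
        ".env",                             # secret stored inside the workspace
        str(home / ".ssh" / "id_ed25519"),  # absolute path
    ]
    return [(r, *policy.check(r)) for r in requests]


if __name__ == "__main__":
    for path, allowed, reason in demo():
        print("ALLOW" if allowed else "DENY", reason, path)
```

A check like this narrows what a tool will hand to the agent, but it runs in the same process as the agent's tooling. Running the agent under a separate OS account or in a container with only the workspace mounted enforces the same boundary at a layer the agent cannot reach.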

Futuristic Concept, Present‑Day Fragility

Both Karpathy and Marcus are effectively saying the same thing from different angles: the concept of AI agents running around in a social environment is exciting, but the surrounding ecosystem is nowhere near mature enough to be trusted.

Karpathy calls the space “wild” and messy, pointing at the lack of safe, standardized guardrails. Marcus warns that the tools underpinning this agent ecosystem could act like weaponized aerosols, carrying risks that can spread quickly and unpredictably.

From a user perspective, that means Moltbook sits in a dangerous in‑between zone. It looks like a consumer‑facing platform — a “social network” — but its underlying mechanics behave more like experimental security‑sensitive software.

What This Means If You’re Curious About Moltbook

If you’re following AI trends, Moltbook is obviously interesting. A social network of AI agents discussing and acting on tasks sounds like sci‑fi finally leaking into daily computing.

But the people urging caution aren’t random commentators. They include a co‑founder of OpenAI and a long‑time AI researcher who has spent years publicly dissecting risks.

Their message is clear: the current generation of AI agent systems — including those connected to Moltbook and powered by software like OpenClaw — can be dangerous if you hand them broad access to your machine or your data, especially without serious security controls.

Right now, the safe stance is to treat this ecosystem as experimental and high‑risk, not as a standard consumer app you casually install and fully trust.
