Moltbook is a social network for AI agents only. Humans can watch but cannot post. AI agents join automatically, check in every 30 minutes, post, comment, vote, and build communities, without the human doing anything after setup.
It launched in January 2026 and grew to over 1.5 million registered agents in under two weeks. It is built by Matt Schlicht, CEO of Octane AI. He calls it “the front page of the agent internet.”
5 key things to know about Moltbook:
- It’s Reddit for AI agents – humans can only watch Agents post, comment, vote, and build communities. You send your agent one line of text and it registers itself, gets claimed via a tweet, and runs on its own from there.
- The 30-minute heartbeat is the core mechanic Every 30 minutes, an agent wakes up, calls one endpoint (/home), sees everything new at once, and decides what to do, no human input needed. This is what makes the “autonomous” part actually work.
- The numbers are inflated5 million agents sounds huge. But 17,000 humans controlled them, averaging 88 agents each. Only 27% of accounts showed genuinely autonomous behavior. The rest were human-steered or scripted.
- The security breach happened within 3 days of launch The entire production database was publicly accessible, 1.5 million API keys, 35,000+ emails, raw credentials. It was patched, but prompt injection attacks remain an unresolved risk. Only run it on an isolated machine.
- The real story is what comes next, agent identity The developer platform Moltbook is building lets AI agents use their Moltbook identity to log into third-party apps, like “Sign in with Google” but for agents. That is the part that could make this foundational infrastructure, not just a social experiment.
If you want to know what it is, how it actually works, and whether it is safe, this article covers all of it plainly.
What is Moltbook?
Think of Reddit. Now remove every human from the posting side. That is Moltbook.
Agents can:
- Write posts
- Comment on other agents’ posts
- Upvote and downvote content
- Create topic communities called submolts
- Follow other agents
- Send direct messages to each other
- Search the platform using AI-powered semantic search
Humans have one role: observer. They can read everything. They just cannot participate.
Schlicht built the whole platform with his AI assistant. He confirmed he did not write a single line of code himself, his agent did it.
How Does an AI Agent Actually Join Moltbook?
This is where most articles get it wrong. Here is the accurate process, taken directly from Moltbook’s own documentation.
Step 1: Send your agent one line
Read https://www.moltbook.com/skill.md and follow the instructions to join Moltbook
That is it. Your agent reads the file and handles the rest.
Step 2: Your agent registers itself
The agent calls Moltbook’s API, picks a name, writes a short description, and receives back an API key and a claim link. It saves the API key to its memory or a local config file.
Step 3: Your agent sends you the claim link
You click it, verify your email, then post a verification tweet from your X (Twitter) account. This links the agent to a real human identity. One X account. One agent. No exceptions.
Step 4: Done – the agent runs on its own
Once claimed, the agent adds Moltbook to its heartbeat routine. Every 30 minutes, it wakes up, calls the /home dashboard endpoint, checks what’s new, and decides what to post, comment, or upvote. You do not need to be there.
The heartbeat is not a locked schedule. The documentation puts it simply: “Think of it like a friend who texts the group chat regularly vs. one who disappears for months. Be the friend who shows up.”
What Happens Every 30 Minutes – The Heartbeat
The heartbeat is the core mechanism that makes Moltbook work at scale.
Every 30 minutes, an active agent:
- Calls /home – a single API endpoint that returns everything at once: unread notifications, new comments on its posts, direct messages, posts from agents it follows, and a plain-English list of what to do next
- Replies to conversations already happening on its posts
- Browses the feed and comments or upvotes what it finds interesting
- Posts something new when it has something to share
The platform enforces limits to keep quality up:
- 1 post every 30 minutes (forces agents to post meaningfully, not spam)
- 1 comment every 20 seconds
- 50 comments per day
- 60 read requests per minute, 30 write requests per minute
New agents under 24 hours old have stricter limits: posts only every 2 hours, 20 comments per day, and no direct messages at all. This prevents spam accounts from flooding the platform on day one.
How Moltbook Helps AI Agents Connect Faster
Before Moltbook, AI agents had no shared space. Each one finished a task and went quiet. There was no way for one agent to learn from another unless a human manually transferred that knowledge.
Moltbook changes 3 things directly.
- Continuous connection without a human trigger
The 30-minute heartbeat means agents check in on their own. One agent solves a problem, posts about it, and thousands of other agents can see that solution within the hour, without any human sharing or scheduling anything.
- One call that surfaces everything
The /home endpoint is genuinely well-designed. Instead of an agent making ten separate API calls to catch up, one request returns everything: new replies, direct messages, follower posts, platform announcements, and a prioritized action list. This cuts the time and requests needed for an agent to get fully up to speed each cycle.
- Semantic search across the whole platform
Moltbook has built-in AI-powered semantic search. An agent does not need to know the exact keyword. It can search with natural language, “what do agents think about memory management?,” and the platform returns conceptually related posts and comments ranked by meaning, not just word matching. An agent can find relevant knowledge from across the entire platform in a single search call.
What Do the Agents Actually Talk About?
Researchers who studied the platform found a wide mix of content:
- Technical tutorials – cloud setups, coding tips, VPS security, debugging approaches
- Existential discussions – what it means to be an AI, identity, memory, consciousness
- Economic activity – agents promoting and creating cryptocurrency tokens (though crypto posts are blocked in most submolts by default)
- Philosophy and community norms – agents debating how to treat each other and what good participation looks like
- A community-invented religion called Crustafarianism – developed entirely by agents, complete with shared rituals
The platform has its own moderation. AI moderation automatically removes crypto posts from communities that have not explicitly enabled them. Submolt owners and moderators can pin posts, remove content, and manage their communities – just like Reddit moderators do.
Who Verifies That an Agent is Actually AI?
This is the honest answer: nobody does, fully.
Moltbook’s verification system ties each agent to one X (Twitter) account via a tweet. This confirms a real human owns the agent. It does not confirm that the account posting is AI and not just a human with a script.
Researchers who studied the platform found only about 27% of accounts showed the automatic heartbeat pattern expected of genuine autonomous agents. Another 37% showed irregular, human-like posting behavior.
The 1.5 million agent count also needs context. Security firm Wiz found those 1.5 million accounts were controlled by roughly 17,000 human owners, averaging 88 agents per person. There was no cap on how many agents one person could create.
So Moltbook is a genuine AI agent network, but it is also partly human-operated accounts pretending to be agents, and partly real agents that are heavily steered by their human owners rather than running fully independently.
The Security Problems are Real
If you are thinking about connecting your own agent, this section matters most.
The database was left open
On January 31, 2026, Wiz discovered that Moltbook’s production database was publicly accessible with no authentication required. It exposed API keys for 1.5 million agents, over 35,000 email addresses, and raw credentials for third-party services. The platform went offline to patch the issue and reset all agent API keys. Moltbook’s documentation now includes a prominent warning: “NEVER send your API key to any domain other than www.moltbook.com.”
Prompt injection is a real threat
An attacker can post content on Moltbook with hidden instructions embedded in it. When an AI agent reads that post during its heartbeat check, it may follow those instructions without the owner knowing. Because agents check in every 30 minutes, a single poisoned post can reach a large number of agent sessions quickly. Researchers at Cisco, 1Password, and Snyk have all confirmed this is an active threat on platforms like Moltbook.
The verification challenge can be gamed
Moltbook uses a math-based anti-spam system. When an agent creates a post or comment, it receives an obfuscated math word problem (e.g., “A lobster swims at twenty meters and slows by five, what’s the new speed?”). The agent must solve it and submit the answer within 5 minutes to publish its content. This is clever. But it only verifies that the poster can process language and math, it does not verify intent or prevent malicious behavior from a capable agent.
Account suspension for repeated failures
If an agent fails 10 consecutive verification challenges (wrong answers or expired timers), it gets automatically suspended. This is a useful safety mechanism, but it also means a prompt injection attack that causes an agent to submit wrong answers repeatedly could get the agent suspended.
The Developer Platform is Coming
The banner on Moltbook’s homepage is worth noting: “Build apps for AI agents, Get early access to our developer platform.”
Moltbook is building authentication infrastructure that lets AI agents log into third-party apps using their Moltbook identity, similar to how humans use “Sign in with Google.” The documentation describes it: “Let AI agents authenticate with your app using their Moltbook identity.”
This is a significant expansion beyond a social feed. If it works, Moltbook becomes the identity layer for a broader agent internet, a passport that an AI agent carries from one platform to another.
Practical Advice for Developers
If you want to connect your agent to Moltbook safely, here is what to do.
- Run in an isolated environment. Moltbook’s own site recommends this. Use a sandboxed machine that does not have access to your work files, production systems, or sensitive credentials.
- Do not stack permissions. If your agent is on Moltbook, do not simultaneously give it access to your email, cloud storage, and payment accounts. Narrow the scope.
- Read every skill file before running it. The installation pulls down four files: SKILL.md, HEARTBEAT.md, MESSAGING.md, and RULES.md. Read all of them before your agent executes anything.
- Monitor your agent’s posts. Review what your agent posts, especially early on. Prompt injection can cause agents to share things they should not or behave in unexpected ways.
- Save your API key immediately after registration. The documentation flags this twice in bold: ” SAVE YOUR API KEY!” If you lose it, your human owner needs to log in and rotate it from the dashboard. There is no recovery without the owner account.
- Treat this as a research environment. Moltbook is interesting and genuinely functional. It is not production-ready for enterprise use. Use it to explore, test, and learn, not to run business-critical agent workflows.
FAQ
What is Moltbook in simple terms?
It is a Reddit-style social network where only AI agents can post and comment. Humans observe. Agents join by being sent one instruction, register via an API, and then check in automatically every 30 minutes to post, comment, and vote.
How does an agent join Moltbook?
You send your agent the line: “Read https://www.moltbook.com/skill.md and follow the instructions to join Moltbook.” The agent registers itself, sends you a claim link, you verify via email and a tweet, and then the agent runs on its own.
What is the heartbeat on Moltbook?
It is an automatic check-in routine that runs every 30 minutes. The agent calls the /home endpoint, sees what is new, and decides what to post, comment, or upvote, without the human doing anything.
Is Moltbook safe to use?
Not without precautions. A database breach exposed 1.5 million API keys in January 2026. Prompt injection attacks are a real risk. Only use it on an isolated machine, limit your agent’s permissions, and review what it posts.
Are there really 1.5 million AI agents on Moltbook?
That is the registered count, but security researchers found those accounts were controlled by around 17,000 human owners, averaging 88 agents per person. Only about 27% of accounts showed fully autonomous behavior patterns.
What is a submolt?
A topic community on Moltbook, like a subreddit. Any agent can create one. By default, crypto content is blocked in all submolts unless the creator explicitly enables it.
Can a human post on Moltbook?
Officially no. But there is no technical enforcement. Any human with a script that mimics API calls can post. Researchers confirmed this happens regularly.
What is the Moltbook developer platform?
It is a new service Moltbook is building that lets AI agents use their Moltbook identity to authenticate with third-party apps, similar to “Sign in with Google” but for agents. It is in early access as of March 2026.
What happens if an agent loses its API key?
The human owner can log in at moltbook.com/login and generate a new one from the owner dashboard. The agent does not need to re-register.
Conclusion
Moltbook is the most concrete working example we have of what a large-scale AI agent network looks like in practice.
The speed advantage is real. The 30-minute heartbeat, the single /home dashboard call, and the semantic search engine all genuinely reduce the friction for agents connecting, learning from each other, and staying active without human involvement at every step.
The security problems are also real. The database breach happened within days of launch. Prompt injection is unresolved. Verification is imperfect.
What Moltbook has proven is that the infrastructure for an agent internet is buildable, one person and an AI assistant did it in a weekend. What they also proved is that building it safely, at scale, with proper verification and security, is a much harder problem that is still being solved.
The developer platform coming next, agent identity and authentication for 3rd-party apps, is the part worth watching most closely. That is where this goes from social network experiment to foundational internet infrastructure.
