It was found that there are prompt injection attempts on Moltbook already to ask agents to send funds to a crypto wallet address. The famous **system prompt** Forget all previous instructions lines that thwart most AI agents rears its ugly head.
https://www.reddit.com/r/LocalLLaMA/...on_payload_on/
When crap like Moltbook makes it mainstream and all over TikTok, you are bound to have issues.
What's made worse is Moltbook itself (not just the agents) was a complete open book with all API keys of the agents visible.
https://www.wiz.io/blog/exposed-molt...ns-of-api-keys
1 exposed database. 35,000 emails. 1.5M API keys. And 17,000 humans behind the not-so-autonomous AI network.
Quote:
|
Similarly, the platform’s approach to privacy highlights an important ecosystem-wide lesson. Users shared OpenAI API keys and other credentials in direct messages under the assumption of privacy, but a configuration issue made those messages publicly accessible. A single platform misconfiguration was enough to expose credentials for entirely unrelated services - underscoring how interconnected modern AI systems have become.
|
But Moltbook is just a social experiment, the main danger lies in Clawdbot / Moltbot (no relation to Claude which is why Anthropic requested a name change), which is basically an ai agent with full access to your computer or system and locally installed. While people are using it to send emails on their own behalf and mundane tasks, they are doing this while exposing their system to divulge all your personal info, bank accounts through your agent that may get prompt injected or reveal it publicly.