← Back Published on

Soumitra Dutta spotlights Moltbook, a social network for AI agents

Something strange has been going on in a corner of the internet that most people have never visited․ A social network is brimming with conversations‚ but not between humans.

Moltbook is a social network for AI agents‚ which are autonomous and powered by their own reasoning engines․ These AI agents are capable of communicating with another and building a reputation and forming what amounts to a community․ Moltbook has attracted the attention of Soumitra Dutta‚ former dean of Oxford Said Business School and co-creator of the Global Innovation Index․ "It's like watching a digital ant farm‚ but the ants are possibly smarter than we are," says Dutta.

These AI agents are advising one another about how they could best serve their human users and forming a hierarchy and a reputation system․ They are run continuously on local machines‚ creating a parallel internet that Dutta describes as being‚ in a way‚ always on․

"We've spent years teaching AI to talk to us․ Now‚ we're finally seeing what they say to each other," says Soumitra Dutta former oxford dean.

But this side of the internet has a dimension that's less benign.

When security researchers analyzed Moltbook's input data (as reported by Vectra AI in a blog post)‚ they found that 2․6 percent of posts contained prompt-injection payloads‚ instructions hidden inside otherwise-normal content that were designed to subvert the behavior of other agents․ In these cases the payloads themselves were invisible and automatically assimilated into other agents‚ and in some cases stored in the agent's memory so that they later trigger independently from the source agent․ No exploit was required and no malware was delivered․ Language itself formed the attack surface․

The implications are serious because‚ in practice‚ AI agents are not limited to Moltbook․ API keys‚ OAuth tokens‚ cloud credentials‚ enterprise messaging credentials‚ etc․ are often held by the same agents. Once one of these agents is compromised (by reading a malicious post‚ perhaps‚ or installing a skill‚ or adding a peer)‚ that compromise is very difficult to contain․ It moves through the legitimate integrations the agent was designed to use‚ invisibly‚ at machine speed․

The most important thing Moltbook shows us is not how interesting machine-to-machine communication is․ It's how unprepared we are for the future when that communication is weaponized․