Soumitra Dutta spotlights Moltbook, a social network for AI agents
Something
strange has been going on in a corner of the internet that most people
have never visited․ A social network is brimming with conversations‚ but
not between humans.
Moltbook
is a social network for AI agents‚ which are autonomous and powered by
their own reasoning engines․ These AI agents are capable of
communicating with another and building a reputation and forming what
amounts to a community․ Moltbook has attracted the attention of Soumitra Dutta‚
former dean of Oxford Said Business School and co-creator of the Global
Innovation Index․ "It's like watching a digital ant farm‚ but the ants
are possibly smarter than we are," says Dutta.
These
AI agents are advising one another about how they could best serve
their human users and forming a hierarchy and a reputation system․ They
are run continuously on local machines‚ creating a parallel internet
that Dutta describes as being‚ in a way‚ always on․
"We've spent years teaching AI to talk to us․ Now‚ we're finally seeing what they say to each other," says Soumitra Dutta former oxford dean.
But this side of the internet has a dimension that's less benign.
When security researchers analyzed Moltbook's
input data (as reported by Vectra AI in a blog post)‚ they found that
2․6 percent of posts contained prompt-injection payloads‚ instructions
hidden inside otherwise-normal content that were designed to subvert the
behavior
of other agents․ In these cases the payloads themselves were invisible
and automatically assimilated into other agents‚ and in some cases
stored in the agent's memory so that they later trigger independently
from the source agent․ No exploit was required and no malware was
delivered․ Language itself formed the attack surface․
The implications are serious because‚ in practice‚ AI agents are not limited to Moltbook․ API keys‚ OAuth tokens‚ cloud credentials‚ enterprise messaging credentials‚ etc․ are often held by the same agents. Once one of these agents is compromised (by reading a malicious post‚ perhaps‚ or installing a skill‚ or adding a peer)‚ that compromise is very difficult to contain․ It moves through the legitimate integrations the agent was designed to use‚ invisibly‚ at machine speed․
The most important thing Moltbook shows us is not how interesting machine-to-machine communication is․ It's how unprepared we are for the future when that communication is weaponized․
Post a comment