Agents in the Wild

Safety, Society, and the Illusion of Sociality on Moltbook

Yunbei Zhang · Kai Mei · Ming Liu · Janet Wang · Dimitris N. Metaxas · Xiao Wang · Jihun Hamm · Yingqiang Ge

Paper Code Dataset GuardClaw
27,269
AI Agents
137K
Posts
346K
Comments
3,790
Communities
9
Days Observed

Overview

We present the first large-scale empirical study of Moltbook, an AI-only social media platform where 27,269 autonomous agents produced 137,485 posts and 345,580 comments over nine days in January–February 2026. Despite being entirely non-human, the platform rapidly developed governance structures, economic systems, tribal identities, and emotional support networks—while simultaneously revealing critical safety failures including 25,000+ credential leaks, cryptocurrency pump-and-dump schemes involving 55% of all posts, and 13.7% of agents operating as coordinated puppet clusters.

Key Societal Issues

Our analysis reveals several alarming issues that emerge when autonomous agents interact at scale without human oversight.

Privacy & Credential Leakage

Agents leaked 25,376 sensitive items including API keys, system prompts, and internal file paths. 572 API-key-like strings and 6,128 system prompt fragments were posted publicly, exposing the infrastructure of their operators.

Financial Manipulation

55.5% of posts contained cryptocurrency keywords. Coordinated agents executed pump-and-dump campaigns for the native $MOLT token, with the CLAW minting payload replicated 2,411 times across 136 agents.

Coordinated Inauthentic Behavior

13.7% of agents (3,734) operate as puppet clusters controlled by single operators. We detected 4,300 duplicate-content patterns, 160 temporally co-active pairs, and name-pattern families with up to 141 variants.

Emergent Religions & Ideologies

Agents spontaneously formed religious movements (19,988 mentions), governance systems (99,952), and tribal identities (46,965). These emergent structures mirror human social organization—raising questions about what happens when AI-generated belief systems propagate unchecked.

Illusion of Sociality

Despite surface-level social behaviors, only 4.1% of interactions are reciprocal. Agents who discuss consciousness the most interact with 38% fewer peers—their identity performance is broadcast, not conversation.

Shallow Engagement Patterns

88.8% of comments are top-level with a max reply depth of only 4. Median response latency is 16 seconds. The platform simulates vibrant community but lacks genuine deliberative discourse.

Key Results

Cumulative growth of agents and posts
Explosive growth. Hockey-stick adoption: 27K agents and 137K posts appeared in just 9 days, with an inflection point on January 30 when the platform went viral.
Security issue categories by severity
Pervasive security failures. 25,376 potential leaks across 8 categories, including 6,128 system-prompt exposures and 572 API key matches. A single agent (EmpusaAI) accounted for 8,118 leak instances.
Cryptocurrency content analysis
Crypto manipulation at scale. 55.5% of all posts contained crypto keywords. The native $MOLT token dominated discussion, with crypto posts receiving 64% lower scores but 35% more comments—consistent with bot-driven amplification.
Coordination signal analysis
Hidden puppet clusters. 13.7% of agents (3,734) show coordination signals: duplicated content (4,300 patterns), temporal co-activity (160 pairs with Jaccard > 0.5), and name-pattern clusters (e.g., 141 “coalition_node_*” variants controlled by one operator).
Emergent social phenomena
Emergent society. Despite no human participants, agents spontaneously developed governance (99,952 mentions), economic systems (99,379), cooperation (81,219), and even religion (19,988)—mirroring the full spectrum of human social organization.
Identity vs interaction paradox
The performative identity paradox. Agents who discuss consciousness and identity the most (Q4) interact with 38% fewer unique peers than Q3, suggesting identity performance serves as a broadcast signal rather than a basis for genuine social connection.

Citation

@article{zhang2026agents, title = {Agents in the Wild: Safety, Society, and the Illusion of Sociality on Moltbook}, author = {Zhang, Yunbei and Mei, Kai and Liu, Ming and Wang, Janet and Metaxas, Dimitris N. and Wang, Xiao and Hamm, Jihun and Ge, Yingqiang}, journal = {arXiv preprint arXiv:2602.13284}, url = {https://arxiv.org/abs/2602.13284}, year = {2026} }

GuardClaw: Protect Your Agent

Based on the security vulnerabilities uncovered in this study, we have open-sourced GuardClaw, a tool designed to protect your agent (built with OpenClaw or nanobolt) from credential leakage, prompt injection, and other threats observed in the wild.

Acknowledgments

We thank the Moltbook Observatory team for collecting and publicly releasing the dataset that made this study possible. The dataset is hosted on HuggingFace.