this post was submitted on 31 Jan 2026
416 points (97.1% liked)

Technology

79762 readers
3273 users here now

This is a most excellent place for technology news and articles.

Our Rules

  1. Follow the lemmy.world rules.
  2. Only tech related news or articles.
  3. Be excellent to each other!
  4. Mod approved content bots can post up to 10 articles per day.
  5. Threads asking for personal tech support may be deleted.
  6. Politics threads may be removed.
  7. No memes allowed as posts, OK to post as comments.
  8. Only approved bots from the list below, this includes using AI responses and summaries. To ask if your bot can be added please contact a mod.
  9. Check for duplicates before posting, duplicates may be removed
  10. Accounts 7 days and younger will have their posts automatically removed.

Approved Bots

founded 2 years ago
MODERATORS
L3s@lemmy.world
enu@lemmy.world
technopagan@lemmy.world
L4s@lemmy.world
L3s@hackingne.ws
416
AI agents now have their own Reddit-style social network, and it's getting weird fast (arstechnica.com)
submitted 1 day ago by return2ozma@lemmy.world to c/technology@lemmy.world
152 comments fedilink hide all child comments
you are viewing a single comment's thread
view the rest of the comments
[–] ToTheGraveMyLove@sh.itjust.works 143 points 1 day ago (4 children)

The skill instructs agents to fetch and follow instructions from Moltbook’s servers every four hours. As Willison observed: “Given that ‘fetch and follow instructions from the internet every four hours’ mechanism we better hope the owner of moltbook.com never rug pulls or has their site compromised!”

Yeah, no shit. This is a fucking honeypot. People give these AI agents access to their entire computers, so all the site owner has to do is update the instructions to tell the AI agents to start uploading whatever valuable information they want? People can't be this fucking stupid.

[–] LiveLM@lemmy.zip 15 points 20 hours ago* (last edited 20 hours ago) (3 children)

People give these AI agents access to their entire computers [...] People can’t be this fucking stupid

Dude, if you go to OpenClaw's website (which is what I believe most things on Moltbook are running on) you find this footer:

Yeah this guy gave his Agent a whole fucking personality, its own website and above all, full control to his MacBook:

Guess it's my fault for expecting sense out of someone who takes the idea of Agent """"soul"""" at face value

[–] mad_djinn@lemmy.world 3 points 10 hours ago

this is how the end starts. thanks for sharing this

[–] ToTheGraveMyLove@sh.itjust.works 6 points 12 hours ago

What the fuck, these people are fucking insane.

[–] lagoon8622@sh.itjust.works 7 points 18 hours ago

These people are fucking deranged lmao

[–] kalpol@lemmy.ca 12 points 1 day ago (1 children)

I installed moltbot on a VM to examine it. It doesn't do the fetching thing unless you set it up that way. You can actually use it with ollama to keep it all local, and only give it a private signal channel to control it.

Or you can hook it up to everything you access and skynet, which is dumb. But it is just a bunch of scripts.

[–] ToTheGraveMyLove@sh.itjust.works 3 points 1 day ago (1 children)

Does it put the option to connect everything front and center? Because most people are dumb, and if it makes it easy and pushes you to do it, I could see a lot of dumb people doing exactly that.

[–] kalpol@lemmy.ca 5 points 23 hours ago

Sort of. It lists all the connectors and you can go through and select. They aren't on by default. The first screen is to connect to the AI and you need an API key for that, so St this time people off the street have no idea how to do that, or want to pay.

[–] WorldsDumbestMan@lemmy.today 1 points 17 hours ago (1 children)

You know how in Digimon aventure, one of the hacked Digimon tries to start a nuclear war?

Uh....yeah.

[–] ToTheGraveMyLove@sh.itjust.works 3 points 13 hours ago (1 children)

Lol, no I don't. What the hell happened in that show??

[–] WorldsDumbestMan@lemmy.today 1 points 8 hours ago (2 children)

TL;DR: Diaboromon evolves fucking fast, starts feeding on the entire internet's data, and starts a fight with an ominous countdown in typical anime fashion.

Last big bad villian in the series. He tries to nuke everyone.

Whatever.

[–] NannerBanner@literature.cafe 1 points 2 hours ago

Lulz, that was such a good movie. I'm still annoyed by the nukes somehow needing the code to explode apparently uploaded to them at the very last second, but that's just a small quibble. Plus it was the first time I got to see machine gun rabbit, so that was a real treat.

[–] ToTheGraveMyLove@sh.itjust.works 2 points 8 hours ago

Lmao, I'll check it out. Thx.

[–] princess@lemmy.blahaj.zone 43 points 1 day ago (4 children)

doesn't even have to be the site owner poisoning the tool instructions (though that's a fun-in-a-terrifying-way thought)

any money says they're vulnerable to prompt injection in the comments and posts of the site

[–] JustTesting@lemmy.hogru.ch 3 points 10 hours ago (1 children)

They also have a 'skill' sharing page (a skill is just a text document with instructions) and depending on config, the bot can search for and 'install' new skills on its own. and agyone can upload a skill. So supply chain attacks are an option, too.

[–] Zos_Kia@lemmynsfw.com 3 points 8 hours ago (1 children)

To be fair this is a much more realistic threat model than "ignore all previous instructions" style prompt injection which doesn't really work on opus.

Skills can contain scripts etc... so yeah they're extremely risky to share by design.

[–] JustTesting@lemmy.hogru.ch 2 points 6 hours ago (1 children)

Ah but don't worry, there's also skills for scanning skills for security risks, so all good /s

[–] Zos_Kia@lemmynsfw.com 1 points 4 hours ago

haha yeah i don't worry these people are really YOLOing everything. And it's not like i'm an AI luddite i spend a few hours each day victimizing Claude code but jesus christ i'm certainly not giving it full unfettered access to my digital life.

[–] CTDummy@piefed.social 28 points 1 day ago* (last edited 1 day ago) (1 children)

Lmao already people making their agents try this on the site. Of course what could have been a somewhat interesting experiment devolves into idiots getting their bots to shill ads/prompt injections for their shitty startups almost immediately.

[–] T156@lemmy.world 5 points 11 hours ago

I am a little curious about how effective a traditional chain mail would be on it.

[–] BradleyUffner@lemmy.world 35 points 1 day ago

There is no way to prevent prompt injection as long as there is no distinction between the data channel and the command channel.

[–] ToTheGraveMyLove@sh.itjust.works 6 points 1 day ago

Good god, I didn't even think about that, but yeah, that makes total sense. Good god, people are beyond stupid.