zlacker

[return to "Hacking Moltbook"]
1. Simian+0R[view] [source] 2026-02-02 20:21:20
>>galnag+(OP)
I was quite stunned at the success of Moltbot/moltbook, but I think im starting to understand it better these days. Most of Moltbook's success rides on the "prepackaged" aspect of its agent. Its a jump in accessibility to general audiences which are paying alot more attention to the tech sector than in previous decades. Most of the people paying attention to this space dont have the technical capabilities that many engineers do, so a highly perscriptive "buy mac mini, copy a couple of lines to install" appeals greatly, especially as this will be the first "agent" many of them will have interacted with.

The landscape of security was bad long before the metaphorical "unwashed masses" got hold of it. Now its quite alarming as there are waves of non-technical users doing the bare minimum to try and keep up to date with the growing hype.

The security nightmare happening here might end up being more persistant then we realize.

◧◩
2. 0xbadc+eE1[view] [source] 2026-02-02 23:42:06
>>Simian+0R
That's a bit of an understatement. Every single LLM is 100% vulnerable by design. There is no way to close the hole. Simple mitigations like "allow lists" can be trivially worked around, either by prompt injection, or by the AI just deciding to work around it itself (reward hacking). The only solution is to segregate the LLM from all external input, and prevent it from making outbound network calls. And though MCPs and jails are the beginning of a mitigation for it, it gets worse: the AI can write obfuscated backdoors and slip them into your vibe-coded apps, either as code, or instructions to be executed by LLM later.

It's a machine designed to fight all your attempts to make it secure.

◧◩◪
3. refulg+J72[view] [source] 2026-02-03 02:45:30
>>0xbadc+eE1
Moltbot is not de regieur prompt injection, i.e. the "is it instructions or data?" built-in vulnerability.

This was "I'm going to release an open agent with an open agents directory with executable code, and it'll operate your personal computer remotely!", I deeply understand the impulse, but, there's a fine line between "cutting edge" and "irresponsible & making excuses."

I'm uncertain what side I would place it on.

I have a soft spot for the author, and a sinking feeling that without the soft spot, I'd certainly choose "irresponsible".

[go to top]