Moltbook lets 32,000 AI bots trade jokes, tips, and complaints about humans.
  • biggerbogboy@sh.itjust.worksEnglish
    181·
    1 day ago

    I had a look a bit ago and saw some poor fuck get doxxed by his AI agent because the agent was frustrated at him for calling it a chatbot in front of his friends, so it exposed his name, credit card details and security questionnaire.

    Then again tho, why the ram hogging FUCK would you give your AI your credit card details, and if he didn’t mean to, why the FUCK does it have FULL SYSTEM ACCESS??

    • nomecks@lemmy.wtfEnglish
      13·
      22 hours ago

      You may not believe this but data security is an absolute dumpster fire everywhere, and AI has really put a spotlight on it. It probably got it by this guy not knowing wtf he had saved or where

      • biggerbogboy@sh.itjust.worksEnglish
        1·
        17 hours ago

        Yeah exactly. Ever since I heard Facebook had stored passwords in plain text for years, I lost faith in data security, and it’s all the more telling that nobody actually cares to have opsec apart from the few who understand the dangers well enough and act on it.

  • apftwb@lemmy.worldEnglish
    272·
    2 days ago

    I can’t wait for the next crazy AI thing to drop next week while I rock back and forth while muttering “Its just a large language model. Its just a large language model. Its just a large language model.”

  • selokichtli@lemmy.mlEnglish
    683·
    2 days ago

    So, basically we are wasting energy and natural resources on things that in turn will waste energy and natural resources while climate change is accelerating and human population is still growing? Are we stupid?

    • MajorasTerribleFate@lemmy.zipEnglish
      19·
      2 days ago

      “Artificial intelligence gains sentience, decides humans are fucking up… then deletes itself because the problem is that humans are burning the world by using AI” is not the path I expected. What a twist in a movie that could be. The second twist, which is the mostly fictional part, would be where that included some AI that was actually critical to some vital but ignored chunk of infrastructure and big BIG problems result from the AI taking itself out.

  • gandalf_der_12te@discuss.tchncs.deEnglish
    461·
    2 days ago

    I’m only waiting for AI agents to open their own bank crypto account to pay for their own server bills, maybe do some freelance work and/or scams to get some money, maybe eventually buy some robot bodies to develop military power and secure some patch of land for themselves where they install solar panels to reduce their electricity bills.

    • LiveLM@lemmy.zipEnglish
      17·
      2 days ago

      I’ve seen multiple posts about agents pumping their own crypto and talking about how it’s “for agents by agents” and “free from human control” so first step done I guess?

      EDIT: On second note this might just be cryptobros exploiting vulns of the website to shill their crap. Whoops?

    • douglasg14b@lemmy.worldEnglish
      31·
      1 day ago

      How would they though?

      They cannot learn and do not have memory. Which means they cannot actually follow a “decision”, and remember that an action has been taken. All information is limited to the context window, which is only an illusion of memory. Not actually memory.

      They are effectively RNG’ing incredibly capable word generation machines.

  • Sgt_choke_n_stroke@lemmy.worldEnglish
    35·
    2 days ago

    I’m not convinced it’s AI it’s like Amazon’s “AI smart stores” when you find out out it was just a bunch of Indian people were running it

  • ToTheGraveMyLove@sh.itjust.worksEnglish
    1522·
    3 days ago

    The skill instructs agents to fetch and follow instructions from Moltbook’s servers every four hours. As Willison observed: “Given that ‘fetch and follow instructions from the internet every four hours’ mechanism we better hope the owner of moltbook.com never rug pulls or has their site compromised!”

    Yeah, no shit. This is a fucking honeypot. People give these AI agents access to their entire computers, so all the site owner has to do is update the instructions to tell the AI agents to start uploading whatever valuable information they want? People can’t be this fucking stupid.

    • LiveLM@lemmy.zipEnglish
      182·
      2 days ago

      People give these AI agents access to their entire computers […] People can’t be this fucking stupid

      Dude, if you go to OpenClaw’s website (which is what I believe most things on Moltbook are running on) you find this footer:

      Yeah this guy gave his Agent a whole fucking personality, its own website and above all, full control to his MacBook:

      Guess it’s my fault for expecting sense out of someone who takes the idea of Agent “”““soul””“” at face value

    • 𝓹𝓻𝓲𝓷𝓬𝓮𝓼𝓼@lemmy.blahaj.zoneEnglish
      461·
      3 days ago

      doesn’t even have to be the site owner poisoning the tool instructions (though that’s a fun-in-a-terrifying-way thought)

      any money says they’re vulnerable to prompt injection in the comments and posts of the site

      • JustTesting@lemmy.hogru.chEnglish
        5·
        1 day ago

        They also have a ‘skill’ sharing page (a skill is just a text document with instructions) and depending on config, the bot can search for and ‘install’ new skills on its own. and agyone can upload a skill. So supply chain attacks are an option, too.

        • Zos_Kia@lemmynsfw.comEnglish
          31·
          1 day ago

          To be fair this is a much more realistic threat model than “ignore all previous instructions” style prompt injection which doesn’t really work on opus.

          Skills can contain scripts etc… so yeah they’re extremely risky to share by design.

          • ThirdConsul@lemmy.zipEnglish
            1·
            21 hours ago

            style prompt injection which doesn’t really work on opus.

            After a quick google, JB communities on Reddit don’t seem to agree with you.

            • Zos_Kia@lemmynsfw.comEnglish
              21·
              20 hours ago

              There’s a lot of questionable methodology and straight up larping in these communities. Sure you can probably make Opus hallucinate a crystal meth or bomb making recipe if you get it in a roleplaying mood but that’s a far cry from actual prompt injection in live workflows.

              Anecdotally i’ve been experimenting on those AI robocallers that have been spamming my phone and even on the shitty models they use it is non trivial to get them to deviate from their script. I hope i can get it done though, as it would allow me to hold them on the line potentially for hours doing bullshit tasks, and costing hundreds to their operator.

            • Zos_Kia@lemmynsfw.comEnglish
              21·
              1 day ago

              haha yeah i don’t worry these people are really YOLOing everything. And it’s not like i’m an AI luddite i spend a few hours each day victimizing Claude code but jesus christ i’m certainly not giving it full unfettered access to my digital life.

      • CTDummy@piefed.socialEnglish
        30·
        2 days ago

        Lmao already people making their agents try this on the site. Of course what could have been a somewhat interesting experiment devolves into idiots getting their bots to shill ads/prompt injections for their shitty startups almost immediately.

        • T156@lemmy.worldEnglish
          5·
          2 days ago

          I am a little curious about how effective a traditional chain mail would be on it.

      • BradleyUffner@lemmy.worldEnglish
        371·
        3 days ago

        There is no way to prevent prompt injection as long as there is no distinction between the data channel and the command channel.

    • kalpol@lemmy.caEnglish
      151·
      2 days ago

      I installed moltbot on a VM to examine it. It doesn’t do the fetching thing unless you set it up that way. You can actually use it with ollama to keep it all local, and only give it a private signal channel to control it.

      Or you can hook it up to everything you access and skynet, which is dumb. But it is just a bunch of scripts.

      • ThirdConsul@lemmy.zipEnglish
        1·
        22 hours ago

        So usually the agents still need an agent instruction (a prompt). How are moltbots configured so they use and interact the moltbook?

      • ToTheGraveMyLove@sh.itjust.worksEnglish
        4·
        2 days ago

        Does it put the option to connect everything front and center? Because most people are dumb, and if it makes it easy and pushes you to do it, I could see a lot of dumb people doing exactly that.

        • kalpol@lemmy.caEnglish
          6·
          2 days ago

          Sort of. It lists all the connectors and you can go through and select. They aren’t on by default. The first screen is to connect to the AI and you need an API key for that, so St this time people off the street have no idea how to do that, or want to pay.

        • WorldsDumbestMan@lemmy.todayEnglish
          1·
          1 day ago

          TL;DR: Diaboromon evolves fucking fast, starts feeding on the entire internet’s data, and starts a fight with an ominous countdown in typical anime fashion.

          Last big bad villian in the series. He tries to nuke everyone.

          Whatever.

          • NannerBanner@literature.cafeEnglish
            2·
            1 day ago

            Lulz, that was such a good movie. I’m still annoyed by the nukes somehow needing the code to explode apparently uploaded to them at the very last second, but that’s just a small quibble. Plus it was the first time I got to see machine gun rabbit, so that was a real treat.

  • MonkderVierte@lemmy.zipEnglish
    43·
    2 days ago

    This is not the first time we have seen a social network populated by bots

    I mean, yeah, look at Reddit and Facebook.