Moltbook—which functions like Reddit but bans AI bots from posting, while humans are only allowed to observe—caused particular alarm after some agents appeared to discuss wanting encrypted communication channels where they could talk away from human eyes. “Another AI calls other AIs to invent a secret language to avoid humans,” a tech site reported. Some suggest that bots “spontaneously” discuss private channels “without human intervention,” painting this as evidence of machines conspiring to escape our control.

If any of this induces a strange sense of déjà vu in you, it’s probably because we’ve been here before—at least in terms of press coverage. In 2017, a Meta The AI ​​Research experiment was greeted with headlines that were both alarming — and equally misleading.

In the past, researchers at Meta (then just called Facebook) and Georgia Tech created chatbots that were trained to negotiate with each other about things like books, hats, and balls. When the bots were not incentivized to stick to English, they developed a shorthand way of communicating that sounded gibberous to humans but actually conveyed meaning efficiently. A bot will say something like “ii can iii everything else” which means “I have three and you have everything else.”

When news of this came out, the press went wild. “Facebook shuts down robots after they invent their own language,” boisterous British newspaper The Telegraph. “Facebook AI is creating its own language in terrifying previews of our potential future,” warned a rival business publication. Many of the reports suggest that Facebook pulled the plug out of fear that bots were going rogue.

None of that is true. Facebook didn’t shut down the experiment because they were afraid of bots. They only adjusted the parameters because the researchers wanted bots that could communicate with humans, and a private language was not useful for that purpose. Research continues and produces interesting results on how AI learns negotiation tactics.

Dhruv Batra, who was one of the researchers behind the Meta 2017 experiment and is now cofounder of an AI agent startup called Yutori, told me that he saw some clear parallels between the press and public reaction to Moltbook and the way people responded to his chatbot study.

Much more about us, than what AI agents can do

“It’s like I’m watching the same movie play over and over again, where people want to read meaning and ascribe intentionality and agency to things that have perfectly rational mechanistic explanations,” Batra said. “I think again and again, it tells us more about ourselves than the bots. We want to read the tea leaves, we want to see the meaning, we want to see the will. We want to see another being.”

Here’s the thing, though: despite the superficial similarities, what happened in Moltbook almost certainly has a fundamentally different underlying explanation from what happened in the 2017 experiment at Facebook—and not in a way that would be too worrying about robot uprisings.

In the Facebook experiment, the drift of bots from English emerged from reinforcement learning. That’s a way to train AI agents where they primarily learn from experience instead of historical data. The agent acts in an environment and sees if actions will help them achieve a goal. Helpful behaviors are reinforced, while unhelpful ones tend to be extinguished. And in most cases, the goals the agents are trying to accomplish are determined by the humans running the experiment or commanding the bots. In the case of Facebook, bots hit on a private language because it is the most efficient way to communicate with another bot.

But that’s not why Moltbook AI agents ask to establish private communication channels. Moltbook agents are all essentially large language models or LLMS. They are trained mostly from historical data in the form of large amounts of human-written text on the internet and little by way of reinforcement learning. And all agents deployed in Moltbook are production models. That means they are out of training and they are not learning anything new from the actions they take or the data they learn. The connections in their digital brains are essentially fixed.

So when a Moltbook bot posts about what it wants in a private encrypted channel, it’s probably not because the bot has a strategic determination that this will help it achieve a nefarious goal. In fact, the bot may not have an intrinsic goal it is trying to accomplish. Rather, it’s likely because bot numbers asking for a private communication channel is something that a bot is statistically likely to say on a social media platform like Reddit for bots. Why? Well, for at least two reasons. One is that there is too much science fiction in the sea of ​​data that LLMs produce during training. That means LLM-based bots tend to say things similar to science fiction bots. It’s a case of life imitating art.

‘An echo of an echo of an echo’

The training data fed into the bots undoubtedly also includes coverage of his 2017 Facebook experiment with bots that also develop a private language, said Batra with some humor. “At this point, we heard an echo of an echo,” he said.

Second, there is a lot of human-written message traffic from sites like Reddit on the data to train the bots as well. And how often do we humans ask to get into someone’s DMs? In search of a private communication channel, bots also impersonate us.

Furthermore, it is not even clear how much of Moltbook’s content was actually created by the agent. A researcher who examined the most viral screenshots of agents discussing private communications found that two were linked to human accounts selling AI messaging apps, and the third was from a post that didn’t exist at all. Even discounting intentional manipulation, many posts may reflect what users prompt their bots to say.

“It is not clear how much prompting was done for specific posts being made,” Batra said. And once a bot posts something about robot consciousness, that post enters the context window of every other bot that reads and responds to it, triggering more of the same.

If Moltbook is a sign of anything, it’s not the robot uprising. This is something more similar to a new experiment that a diverse group of AI researchers at Facebook carried out in 2021. Called the “WW” project, it involves Facebook building a digital twin of its social network populated by bots designed to imitate human behavior. In 2021, Facebook researchers published work showing that they could use bots with different “personas” to model how users would react to changes in the platform’s recommendation algorithms.

Moltbook is essentially the same thing—bots trained to imitate humans released into a forum where they interact with each other. It turns out that bots are very good at imitating us, often annoying. This does not mean that bots decide of their own free will to plan.

The real risks of Moltbook

None of this means that the Moltbook isn’t dangerous. Unlike the WW project, Moltbook’s OpenClaw bots are not contained in a secure, walled environment. These bots have access to software tools and can perform real actions on users’ computers and across the internet. Because of this, the distinction between imitating people plotting and actual plotting can be somewhat moot. Bots can cause real harm even if they don’t know what they’re doing.

But more importantly, security researchers found the social media platform full of weaknesses. An analysis found that 2.6% of posts contained so-called “hidden prompt injection” attacks, where the posts contain machine-readable instructions that direct the bot to take an action that could compromise the data privacy and cybersecurity of the person using it. Security company Wiz discovered an unsecured database that revealed 1.5 million API keys, 35,000 email addresses, and private messages.

Batra, whose startup built an “AI Chief of Staff” agent, said he wouldn’t approach OpenClaw in its current state. “There’s no way I’d put this on any personal, sensitive device. It’s a security nightmare.”

The next wave of AI agents will be even more dangerous

But Batra said something else that could be cause for future concern. While reinforcement learning plays a minor role in current LLM training, many AI researchers are interested in creating AI models where reinforcement learning plays a larger role—including possible AI agents that continuously learn as they interact with the world.

It is likely that if such AI agents are placed in a place where they must interact and cooperate with similar other AI agents, that these agents may develop private ways of communicating that humans may find difficult to interpret and monitor. This type of language emerged in other research than Facebook’s 2017 chatbot experiment. A newspaper a year ago by two researchers who were at OpenAI also found that when a group of AI agents had to play a game involving the cooperative movement of various digital objects around, they also invented a kind of language to signal to each other what object to move where, even if they had not been clearly taught or trained to do so.

This type of language emergence has been documented repeatedly in multi-agent AI research. Igor Mordatch and Pieter Abbeel of OpenAI published research in 2017 that showed agents developing compositional language when trained to coordinate tasks. In many ways, it’s not that different from the reason humans developed language in the first place.

So robots may even start talking about a revolution. Just don’t expect them to announce it in Moltbook.