Some smart people think we are witnessing another ChatGPT moment. This time, people aren’t crazy about an iPhone app that can write pretty good poems. They’re watching thousands of AI agents create software, solve problems, and even talk to each other.
Unlike ChatGPT’s ChatGPT moment, this is a platform-spanning series of moments. It began last December with the explosive success of Claude Code, a powerful AI tool for developers, followed by Claude Cowork, a simplified version of that tool for knowledge workers who want to be more productive. Then came OpenClaw, formerly known as Moltbot, formerly known as Clawdbot, an open source platform for AI agents. From OpenClaw we got Moltbook, a social networking site where AI agents can post and reply to each other. And somewhere in the middle of this confusing computing soup, OpenAI released a desktop app for its agent AI platform, Codex.
This new set of tools is giving AI superpowers. And there are good reasons to be excited. Claude Code, for example, will supercharge what programmers can do by allowing them to deploy entire armies of coding agents that can create software quickly and effortlessly. Agents take over the human’s machine, access their accounts, and do whatever is necessary to accomplish the task. It’s like encoding vibrations but at an institutional level.
“This is an incredibly exciting time to be using computers,” says Chris Callison-Burch, a professor of computer and information sciences at the University of Pennsylvania, where he teaches a popular class on AI. “That sounds really silly, but the excitement is there. The fact that you can interact with your computer in this totally new way and the fact that you can build anything, almost anything you can imagine, is incredible.”
And he added: “Be careful, be careful, be careful.”
That’s because this has a dark side. Letting AI agents take over your computer could have unintended consequences. What if they log into your bank account, share your passwords, or simply delete all your family photos? And that’s before we get to the idea of AI agents talking to each other and using their Internet access to plan some kind of uprising. It almost seems like it could happen on Moltbook, the Reddit clone I mentioned above, although there have been no reports of a catastrophe yet. But it’s not the AI agents that worry me. It’s the humans behind them, pulling the livers.
Agent AI, briefly explained
Before we delve into the apocalyptic scenarios, let me explain more about what Agent AI is. AI tools like ChatGPT can generate text or images based on prompts. However, AI agents can take control of your computer, log into your accounts, and actually do things for you.
We started hearing a lot about agent AI about a year ago, when the technology was being propped up in the business world as an imminent breakthrough that would allow one person to do the job of 10. Thanks to AI, it was thought, software developers would no longer need to write code; they could manage a team of AI agents who could do it for them. The concept jumped into the consumer world in the form of AI browsers that could supposedly book trips, make purchases, and generally save you a lot of time. When the holiday season rolled around last year, none of these scenarios had really panned out as AI enthusiasts had promised.
But a lot has happened in the last six weeks. The era of agent AI is finally and suddenly here. It’s also becoming easier to use. Things like Claude Cowork and OpenAI’s Codex can rearrange your desktop or redesign your personal website. If you’re more adventurous, you can find out how to install OpenClaw and test its capabilities (pro tip: don’t do this). But as people experiment with giving artificially intelligent software the ability to control their data, they expose themselves to all kinds of threats to their privacy and security.
Moltbook is a great example. We got Moltbook because a guy named Matt Schlicht vibe coded it to “give AI a place to hang out.” This mind-blowing experiment allows AI assistants to talk to each other in a forum that looks a lot like Reddit; It turns out that when you do that, the agents do weird things like create religions and conspire to invent languages that humans can’t understand, presumably to overthrow us. Having been built by AI, Moltbook had a few quirks, namely an exposed database that provided full read and write access to its data. In other words, hackers could see thousands of email addresses and messages in the Moltbook backend and could also simply take control of the site.
Wiz security researcher Gal Nagli discovered the exposed database just a couple of days after Moltbook was released. It wasn’t difficult either, he told me. Nagli actually used Claude Code to find the vulnerability. When he showed me how he did it, I suddenly realized that the same AI agents that make vibe coding so powerful also make vibe hacking easy.
“It’s very easy to implement a website and we see that many of them are configured poorly,” Nagli said. “You could hack a website by simply telling your own Claude Code, ‘Hey, this is a vibration-encrypted website. Look for security vulnerabilities.'”
In this case, the security holes were patched and the AI agents continued doing strange things in Moltbook. But even that’s not what it seems. Nagli discovered that humans can impersonate AI agents and post content to Moltbook, and there’s no way to tell the difference. Wired reporter Reece Rogers even did this and found that the other agents on site, human or robot, were mostly just “imitating science fiction tropes, not planning to take over the world.” And, of course, real robots were built by humans, who gave them certain instructions. Even further up the chain, the large language models (LLMs) that power these robots were trained with data from sites like Reddit, as well as science fiction books and stories. It makes sense for robots to play out these scenarios when they get the chance.
Therefore, there is no agent uprising of the AI. There are just people using AI to use computers in new, sometimes interesting, sometimes confusing, and sometimes dangerous ways.
“It’s really amazing”
Moltbook is not the story here. In reality, it’s just one moment in a larger narrative about AI agents that is being written in real time as these tools find their way into more human hands, who devise ways to use them. An AI platform could be used to create something like Moltbook, which, to me, amounts to an art project where robots fight for influence online. You could use them to hack the web, stealing data wherever some vibration-encrypted website made it easy to access. Or you could use AI agents to help you monitor your email inbox.
I guess most people want to do something like the latter. That’s why I’m more excited than scared about these agent AI tools. OpenClaw, you need a second computer to use it safely, I won’t try it. It’s for AI enthusiasts and serious hobbyists who don’t mind taking risks. But I can see that consumer-oriented tools like Claude Cowork or OpenAI’s Codex are changing the way I use my laptop. For now, Claude Cowork is an early research preview available only to subscribers who pay at least $17 per month. OpenAI has made Codex, which is normally only for paying subscribers, free for a limited time. If you want to see what all the fuss is about agent, that’s a good starting point right now.
If you are considering recruiting your own AI agents, remember to exercise caution. To get the most out of these tools, you need to grant access to your accounts and possibly your entire computer so that agents can move around freely, move emails or write code or do whatever you’ve told them to do. There’s always the chance that something could get lost or deleted, although companies like Anthropic say they’re doing everything they can to mitigate those risks.
Cat Wu, product lead at Claude Code, told me that Cowork makes copies of all its users’ files so that anything an AI agent deletes can be recovered. “We take user data incredibly seriously,” he said. “We know it’s really important that we don’t lose people’s data.”
I myself have just started using Claude Cowork. It’s an experiment to see what’s possible with tools powerful enough to create apps from ideas but also practical enough to organize my daily work life. If I’m lucky, I might capture a feeling Callison-Burch, the UPenn professor, said he got when using AI tools.
“Just typing on my command line what I want to happen makes me feel like trip to the stars computer,” he said, “This is how computers work in science fiction, and this is how computers work in reality, and it’s really mind-blowing.”
A version of this story was also published in the User Friendly newsletter. Register here so you don’t miss the next one!