Even Karpathy walked it back. After calling Moltbook “one of the most incredible sci-fi takeoff-adjacent things,” he later described it as “a dumpster fire.”
My favourite line from this article. I’ve been so in awe of the confidence of what Moltbook is/was over the last few weeks that watching people walk back their hubris to repair their reputation with carefully worded reflections is interesting to observe.
“people are granting system-level permissions to software they don’t understand” - Now the real question is: do you think that it’s just a side effect of AI hype? Or more of part of the plan?
The governance gap you've identified is the real story. Moltbook patched vulnerabilities only after external researchers caught them. No mandatory audit. No accountability framework. No liability assignment. The EU AI Act names general-purpose AI obligations but has no mechanism for multi-agent platforms where the damage compounds through interaction, not individual failure. Until someone is legally required to audit these systems before launch - not after the breach - this pattern will keep repeating.
Even Karpathy walked it back. After calling Moltbook “one of the most incredible sci-fi takeoff-adjacent things,” he later described it as “a dumpster fire.”
My favourite line from this article. I’ve been so in awe of the confidence of what Moltbook is/was over the last few weeks that watching people walk back their hubris to repair their reputation with carefully worded reflections is interesting to observe.
“people are granting system-level permissions to software they don’t understand” - Now the real question is: do you think that it’s just a side effect of AI hype? Or more of part of the plan?
The governance gap you've identified is the real story. Moltbook patched vulnerabilities only after external researchers caught them. No mandatory audit. No accountability framework. No liability assignment. The EU AI Act names general-purpose AI obligations but has no mechanism for multi-agent platforms where the damage compounds through interaction, not individual failure. Until someone is legally required to audit these systems before launch - not after the breach - this pattern will keep repeating.