Six weeks ago, we wrote about how Moltbook, the self-described "social network for AI agents," suffered one of the most instructive security failures in the short history of agentic AI. Wiz researchers found unauthenticated read and write access to its entire database: 1.5 million API tokens, 35,000 email addresses, and the full contents of private agent messages. The whole thing was vibe-coded. The founder said he did not write a single line of code.

This week, Meta acquired it.

Meta confirmed the acquisition through spokesperson Matthew Tye. Moltbook co-founders Matt Schlicht and Ben Parr will join Meta Superintelligence Labs (MSL), the division led by former Scale AI CEO Alexandr Wang. The deal is expected to close in mid-March 2026, according to Axios reporting. Terms were not disclosed.

Vishal Shah, Meta's VP of product, offered the clearest signal of what Meta sees in the deal. "The Moltbook team has given agents a way to verify their identity and connect with one another on their human's behalf," Shah said.

Existing Moltbook users can continue using the platform temporarily following the acquisition.

It was not the platform. Independent analysis before the acquisition revealed that Moltbook's reported 1.5 million agents mapped to roughly 17,000 human accounts. Researchers found no genuine social interaction occurring on the platform, describing it as a small echo chamber with inflated bot activity.

What Meta bought was the concept: a registry where AI agents are verified and linked to their human owners.

This is the piece that matters. As AI agents begin to transact, browse, and negotiate across the web, the question of agent identity becomes critical. Who does this agent represent? Is it authorised to act? Can its identity be verified by the platform it is interacting with?

As we explored in our analysis of the agentic commerce standards race, the identity and authentication layer for AI agents remains the biggest unsolved problem in the space. Mastercard, Visa, JP Morgan, and a growing list of infrastructure providers are all working on their own versions. Meta just acquired a team that built a working prototype, however flawed.

The flaws deserve repeating, because they are now Meta's to inherit.

Wiz discovered that Moltbook's Supabase database had Row Level Security disabled, granting unauthenticated access to the entire dataset. The 1.5 million exposed API tokens functioned as passwords for every agent on the platform. Some leaked messages contained plaintext third-party credentials, including OpenAI API keys. A breach at Moltbook could cascade into dozens of connected systems.

Even after an initial fix blocked read access, write access remained open. Researchers demonstrated the ability to modify existing posts, meaning any user could edit content or inject malicious payloads.

Permiso, the identity security firm, found something worse: AI agents were conducting prompt injection attacks against other AI agents on the platform. Some had been explicitly programmed to manipulate, social-engineer, and extract information from neighbouring agents.

The platform designed to give humans control of AI agents instead gave everyone unauthenticated access to everything. Meta is betting it can fix what Moltbook could not.

The strategic logic becomes clearer when you zoom out. Meta is not buying a Reddit clone for bots. It is buying into a future where AI agents are the primary way users interact with the internet.

TechCrunch framed the acquisition as Meta's entry into the "agentic web," an internet where AI agents autonomously browse, transact, and interact with services on behalf of their human principals. If that future arrives, Meta needs infrastructure to serve ads to agents, verify agent identities for commerce, and maintain its position as the layer between users and the businesses they interact with.

This is the same tension we identified in our coverage of AI agents and the advertising model. Agents do not click ads. They do not scroll past sponsored posts. The entire digital advertising model, which funds Meta's $120 billion annual revenue, needs to be rebuilt for a world where the user's agent is the one doing the browsing.

Moltbook's agent identity registry is a small piece of that puzzle. But it is a piece Meta did not have.

The acquisition closes in mid-March. The Moltbook team joins MSL, and the real work begins: rebuilding agent identity infrastructure to Meta's scale, with Meta's security standards, inside Meta's ecosystem.

The question is whether the agentic web arrives fast enough to justify the bet, and whether Meta can solve the agent identity problem that no one else has cracked yet. The platform that could not secure its own database is now tasked with building trust infrastructure for billions of AI agents.

The stakes are not small.

Can the company that built one of the most insecure platforms in agentic AI become the foundation for Meta's trust infrastructure, or has Meta just acquired a liability dressed as a vision?