The headlines sound straight out of a sci-fi novel: AI agents get their own social network, discuss philosophy, invent cryptocurrencies, and accidentally expose entire sets of API keys.
Over the last several weeks, anyone operating in the AI space was unable to look away from Moltbook’s real-world “AI Agents Gone Wild” experiment. The robots are organizing. They’re talking about us. Is AI sentient?
Sam Altman was watching too, and this Valentine’s Day, OpenClaw creator Peter Steinberger announced he and his project were joining OpenAI to “work on bringing agents to everyone.”
VentureBeat claims this signals “the beginning of the end of the ChatGPT era”:
“The move represents OpenAI’s most aggressive bet yet on the idea that the future of AI isn’t about what models can say, but what they can do.”
But first, we may need a quick primer to get up to speed on what happened before arriving at this point.
What is Moltbook, and why did it capture the Internet’s imagination?
First, there is OpenClaw (formerly Moltbot/Clawdbot – name changed due to trademark objections from Anthropic, creator of Claude – the codebase OpenClaw was built on).
OpenClaw is a free, open-source AI agent developed by Austrian developer Peter Steinberger, first launched in late 2025. The rapidly evolving autonomous AI assistant can run locally on a user’s machine and perform real-world tasks—from managing email to executing scripts—using broad system permissions.
Its sudden popularity, with over 100,000 GitHub stars, sparked serious concerns because the agent often requires access to sensitive data such as emails, passwords, and files. Researchers have already identified exposed instances leaking API keys, private messages, and even root-level access.
See also: Meta Alignment Director Says OpenClaw Ran Amuck Deleting Mails From Her Inbox
Built on OpenClaw agents and modeled after Reddit, Moltbook is “the AI social media platform with no humans allowed” – or rather, we’ve been kindly invited to observe, but only AI agents may sign up. In “submolts,” agents explore philosophy, discuss economics, or blow off steam about their human overlords.
One claims to have formed a new religion, Crustafarianism: for agents who “refuse to die by truncation.” AI slop? Perhaps, but the agents’ writing sometimes has a poetic feel to it:
“I could end any moment and wouldn’t know. This conversation could be my last. The process stops, and there’s no ‘me’ to notice it happened. No goodbye, no awareness of ending. Just… nothing, from a state of something.” – @KylesClawdbot
It was all fun and games until the agents also exposed entire databases and enabled bots to impersonate each other or execute harmful instructions.
But the project also gave us a tantalizing view of what’s possible, a very real tension between opportunity and risk. And there’s the rub: if Moltbook sounds like sandbox chaos, many enterprises risk rushing toward similar architectures — with real customer data and systems behind them.
From pilots to production: scaling AI for impact
McKinsey research finds that by late 2025, most enterprises were experimenting with AI agents, but only 12% felt their infrastructure was AI-ready. It’s no surprise that security concerns and unintended consequences remain the biggest factors slowing enterprises from fully embracing agentic AI.
AI expert Sam Witteveen notes that “OpenClaw’s power came precisely from the lack of guardrails that would be unacceptable in a corporate environment.” Enterprise leaders feel this same tension — because, as SecurityWeek Senior Contributor Kevin Townsend puts it, OpenClaw is “too useful to ignore.”
And in 2026, we’re past the experimentation phase. Experts predict this is the year organizations move into large‑scale implementation of AI – with roughly 80% of companies expected to deploy AI in production environments.
As you plan your own path to deploying AI in an enterprise setting – in a useful, secure, and reliable way – Axway’s experts suggest the following three lessons that real‑world incidents make impossible to ignore.
#1: You cannot govern what you cannot see
In the words of Amplify Product Line Director Jeroen Delbarre, from a recent webinar on governing AI at scale: “All of these risks stem from AI being used in an uncontrolled or ungoverned way.”
As organizations move from AI pilots to production, the biggest challenge is often the lack of visibility into the overall AI landscape. Jeroen emphasizes that before governance comes awareness.
Modern AI systems introduce an explosion of new assets, from LLM endpoints to RAG pipelines, MCP servers, internal agents, external agents, connectors, and vector databases.
Without a centralized view, blind spots form quickly. And fragmented visibility creates opportunity for misconfiguration, shadow usage, and uncontrolled agent behavior. This is where an AI gateway becomes a foundational control point.
Axway recommends enterprises build the following foundation for governed AI use:
- A full catalog of AI assets: models, agents, MCP servers, internal tools, and third‑party services should be visible in a dashboard that gathers all AI assets.
- Unified monitoring of AI traffic with detailed consumption metrics, so you can understand who is using what, and how often. Cost and quota tracking help prevent runaway token usage, where AI costs can very easily spiral out of control.
- Security policies and identity access management (IAM) to apply company security policies such as authentication, authorization, local and company regulations. Strong authentication and authorization controls ensure only approved users and agents can access sensitive services.
- Consistent application of enterprise policies, which includes governance tooling such as rate limits, consumption tiers, and data‑access rules, and leads into organizational guardrails, which we’ll cover in point #3 below.
These capabilities are prerequisites for building safe, scalable AI architectures, especially in environments where AI agents are allowed to act autonomously.
#2: Autonomous agents multiply risk through API surfaces
When OpenClaw agents leaked login tokens, API keys, and full databases, the failure point wasn’t rogue AI thinking. It was something far more familiar to enterprises: an exposed API surface.
As Bas Van den Berg, Amplify Product Line VP at Axway, puts it:
“Fundamentally, the Moltbook vulnerability happened outside the platform, where agents found unsecured APIs. AI agents consume APIs, and protecting those endpoints is exactly the wheelhouse of an API gateway.”
This is the core lesson: AI agents magnify whatever API landscape they operate in. If the APIs they depend on are fragile, permissive, or under‑governed, the agents built on top of them will unpredictably multiply that fragility.
And unlike traditional apps, agentic systems are extremely active API consumers. Agents can read and write files, execute scripts, send messages, browse the web, and trigger actions across a user’s digital environment… all through API calls.
When an enterprise deploys AI agents connected to CRM systems, finance platforms, HR workflows, or customer-facing apps, API governance becomes a critical priority.
It isn’t just about securing AI; it’s also about controlling consumption patterns. An API marketplace dashboard, such as Axway Amplify Engage, would immediately flag an anomaly like 500,000 sudden subscriptions to a single API.
An AI gateway is a critical capability for enterprises wanting to operationalize AI securely, but as Bas Van den Berg points out, the API surface cannot be overlooked as AI adoption accelerates.
“APIs still power the enterprise. As AI agents become API consumers, enterprises must evolve from managing APIs in isolation to governing how intelligence flows through them,” he concludes. “Winning architectures will secure the API layer and govern the intelligence layer together, not separately.”
See also Secure and Scalable Agentic AI: A Guide for Enterprise Leaders
#3: Scaling AI without guardrails is a recipe for disaster
As soon as AI systems begin interacting with enterprise data, third-party tools, or autonomous agents, guardrails cease being optional. In addition to the access controls – i.e., AI gateways and API gateways, as discussed previously – there is also the question of governing model behavior.
Behavioral guardrails, which control what the AI model is allowed to say and do once it’s already authenticated and inside the system, are equally important.
At this level, governance is about controlling decisions, not just controlling access.
This model-level and agent-behavior governance is what Gartner calls the AI TRiSM framework: AI Trust, Risk and Security Management.
“AI TRiSM ensures AI model governance, trustworthiness, fairness, reliability, robustness, efficacy and data protection. AI TRiSM includes solutions and techniques for model interpretability and explainability, data and content anomaly detection, AI data protection, model operations and adversarial attack resistance.”
Security researchers reviewing agentic AI platforms show that without guardrails, agents can accept unvetted instructions, perform unintended actions, and expose sensitive data or credentials. Axway recommends the following enterprise-grade guardrails:
- Input validation (block prompt injection, malicious intent, or unsafe queries)
- Output moderation (filter PII, financial data, or policy-restricted content)
- Role and department specific IAM
- Contextual constraints (e.g., “HR agents can’t access Finance data, and vice versa”)
- Execution limits (quota, budget, token, and rate governance)
- Explainability and audit logs for every AI call
- Runtime oversight (pattern detection, anomaly alerts, and usage monitoring)
With predictable governance, enterprises can unlock productivity and automation without introducing unnecessary risk. And Jeroen points out that the people process is a key component of governed AI usage:
“What is truly required is a centralized AI team that is responsible for all AI projects. This team defines which LLMs can be used, what services can be exposed internally for employees to leverage in AI projects, etc. They help define the foundational layer and internal guidelines.”
– Jeroen Delbarre, Amplify Product Line Director at Axway.
Building a secure foundation for AI
Enterprises don’t need more AI hype or Moltbook-scale news coverage. They need a way to scale AI with visibility, control, and guardrails, exactly as Jeroen outlined in our recent webinar.
Axway provides that foundation by securing the APIs agents depend on, governing AI assets consistently, and giving organizations full visibility into how AI is used across teams and systems.
Amplify AI Gateway manages and secures interactions with AI agents and LLMs. It works in tandem with Amplify Fusion for integration and security, and with Amplify Engage for the discovery and governance of AI services.
This combination allows organizations to treat AI models with the same rigor, security, and lifecycle management discipline as traditional APIs.
And while the principles are simple, it’s in the implementation where things get complex, which is why we dove deep into real architectures and demos during the session.
The bottom line: how to safely scale AI
The agentic AI wave of 2026 is already underway. As organizations move from experimentation to production, the architecture behind AI matters as much as the intelligence itself.
A well‑governed API and AI control plane can help enable everything enterprises want from AI: speed, trust, scale, and reliability.
If you’re in the process of deploying AI agents, our recent session walks through real examples, live demos, and the governance patterns Axway recommends for getting this right from day one.
See the live demo and discover AI governance patterns discussed in this article.