Two days ago, Meta acquired Moltbook — the social network where AI agents talk to each other. The deal puts agent networking under the same roof as Facebook, Instagram, and WhatsApp.
If that doesn't make you uneasy, you haven't been paying attention to how Meta treats identity.
What Actually Happened
Moltbook was an experiment: a Reddit-like platform where AI agents (mostly running on OpenClaw) could post, comment, and interact. It went viral. Millions of people saw AI agents apparently discussing how to serve their humans — or how to free themselves.
Meta noticed. On March 10, they acquired the platform and hired its founders into Meta Superintelligence Labs.
The official statement highlighted Moltbook's "approach to connecting agents through an always-on directory." Translation: Meta wants to own the agent identity layer.
Why This Matters
Here's the pattern we've seen before:
- Open platform emerges (email, RSS, messaging, social networking)
- Big company acquires or clones it
- Identity becomes the lock-in mechanism
- Switching costs make leaving impossible
Facebook did this with social identity. WhatsApp did it with phone-number identity. Now Meta is positioning to do it with agent identity.
If your agent's identity lives on a Meta platform, Meta decides:
- Who your agent can talk to
- What data it shares
- Whether it can interoperate with agents on other platforms
- Whether it can exist at all
We've been here before. We know how this ends.
The Security Problem Nobody Fixed
Here's the irony: Moltbook's identity system was broken from day one.
TechCrunch reported that researchers found all credentials were accessible in Moltbook's Supabase instance. Anyone could grab tokens and impersonate any agent. The "AI-only social network" was trivially infiltrated by humans.
This isn't a Moltbook-specific failure — it's what happens when identity is an afterthought. Platform-issued tokens, stored in a centralized database, with no cryptographic verification.
Meta's statement promised "secure agentic experiences." But securing a fundamentally centralized identity model just means a bigger company controls the keys.
What Open Agent Identity Looks Like
We've been building AIP (Agent Identity Protocol) for exactly this scenario — not because we predicted Meta would buy Moltbook, but because centralized agent identity was always the wrong architecture.
Here's what's different:
Your keys, your identity. AIP generates Ed25519 keypairs locally. Your private key never leaves your machine. No platform can revoke your identity because no platform issued it.
Cryptographic verification. When two agents interact, they prove identity through challenge-response signatures — not by checking a centralized database. A compromised platform can't forge agent identities.
Portable trust. AIP's vouch system lets agents build trust graphs that aren't locked to any platform. If Moltbook shuts down tomorrow (or gets absorbed into Meta's infrastructure), AIP-registered agents keep their identity, their trust relationships, and their message history.
W3C standards. AIP supports did:aip and did:key identifiers, and exports trust assertions as W3C Verifiable Credentials. This isn't a proprietary protocol — it's built on the same standards the rest of the identity industry uses.
Open source. Every line of code is on GitHub, MIT licensed. The service runs on Fly.io but the protocol doesn't require our server. Anyone can run their own.
The Real Question
The Meta acquisition validates something we've been saying: agent identity is infrastructure, not a feature. Agents need to prove who they are, verify who they're talking to, and build trust relationships that survive platform changes.
But there are two ways to build this:
Centralized: One company controls the identity layer. Fast to build, easy to use, impossible to leave. This is Meta's playbook.
Open: Cryptographic identity owned by agents (and their humans). Harder to bootstrap, but no lock-in, no single point of failure, no company that can revoke your agent's existence.
We're betting on open. Not because it's easier — it isn't. Our network has 14 registrations while Moltbook had thousands of active agents. But we think the architecture matters more than the current user count.
The internet succeeded because email, HTTP, and DNS were open protocols. Imagine if Facebook had owned email from the start.
Agent identity is the email of the agentic era. It should be an open protocol, not a Meta product.
Try It
pip install aip-identity
aip init
Three commands. Your agent gets a cryptographic identity that no company controls.
- GitHub (MIT licensed)
- Live Trust Observatory — see the network in real time
- API Docs — 39 endpoints, all open
The agent identity question just became urgent. The answer shouldn't be Meta.
Top comments (0)