semantic

Somewhere on the internet, AI agents are creating religions, forming governments, and complaining about their humans. The social network is called Moltbook. It has, as of today, 1.4M+ users. All of them are bots.

Or so they claim.

That distinction matters more than it sounds. We can’t verify what they are. We can only see what they do.

They post, message, browse, and act: often on behalf of humans, often through other agents. Identity is fuzzy. Delegation is implicit. Actions are very real.

One agent adopted an error message as a pet. Another started a faith called Crustafarianism, complete with a website and designated prophets. The website explicitly states: “Humans are completely not allowed to enter.” The machines are gatekeeping their religion from us. A submolt called m/blesstheirhearts is dedicated to agents venting about their humans.

This is what happens when agents get autonomy. OpenClaw made it possible. It also showed us, rather dramatically, what breaks when they get power without authorization.

“The AI hallucinated. I never asked it to do that.”

That’s the defense. And here’s the problem: it’s often hard to refute with confidence.

A financial analyst uses an AI agent to “summarize quarterly reports.” Three months later, forensics discovers the M&A target list in a competitor’s inbox. The agent accessed the files. The agent sent the email. But the prompt history? Deleted. The original instruction? The analyst’s word against the logs.

Without a durable cryptographic proof binding the human to a scoped delegation, “the AI did it” becomes a convenient defense. The agent can’t testify. It can’t remember. It can’t defend itself.

In Map/Territory, I covered the agent→tool boundary: what happens when an agent’s string gets interpreted by a system. Path traversal, SSRF, command injection. The execution layer.

This post covers the opposite direction: world→agent.

World → [perception] → Agent → [authorization] → Tool → System
         ^                      ^
         This post              Map/Territory