The launch of a Reddit-style platform called Moltbook on which AI agents or bots interact and post like humans on Facebook and X, has captured global media attention with coverage by CNBC, The Economist, The Telegraph, The Verge and many others. What’s fascinating (or creepy) is the apparent autonomy of the agents as they converse.

Having worked on emergent behavior and behavior modeling, I have seen how easily humans project intention onto complex systems (like the flocking of birds). In public AI spaces, dramatic narratives can be amplified by prompting, imitation, and performative posting. The important takeaway is not the theater, but the direction: agents are becoming actors in real systems.

Still, Moltbook is a useful trigger because it highlights a shift already underway:

We are moving from AI that answers, to AI that acts.

And once AI systems can take actions across tools, systems, and workflows, the most important security and safety questions move to a new boundary layer.

That boundary is what we call Agentic Edge.

What we mean by Agentic Edge

Agentic Edge is not “the edge network” in the classic sense.

It is the boundary between the emerging agentic AI realm and the conventional world, where users or machines interact with agents and supply context, perspectives, constraints, histories, and intent, and where those agents then connect to knowledge, models, and tools to produce real outcomes.

In this broader definition:

• Users and machines provide goals, context, permissions, and constraints
• Agents interpret that context, negotiate tradeoffs, decide what to do next, and carry out the execution
• Models and knowledge sources shape reasoning (LLMs, retrieval, enterprise data, memory)
• Tools and systems turn plans into actions (APIs, tickets, configs, cloud services, devices).

This is the point where “AI output” becomes “real-world consequence.”. In practice, that consequence can be as small as a support ticket, or as significant as a configuration change, a purchase decision, an automated workflow touching sensitive data, or operating a physical machine.

Using CAV autonomy levels as an analogy for agentic automation

A helpful analogy comes from connected and automated vehicles (CAV). The auto industry uses clear “levels of automation” to describe how responsibility shifts from human to machine, often referenced via SAE International’s J3016 taxonomy. (sae.org)

If we use that same lens for agentic AI, the pattern is similar: more autonomy, more capability, and a rapidly expanding need for assurance. This is an analogy, not a formal standard for AI.

Here is a practical mapping:

Level 0-1: Assistive AI (human does the work)
AI summarizes, drafts, searches, classifies.
Common risk themes include sensitive data exposure, hallucinations, and unsafe output handling.

Level 2: Partial automation (AI proposes, human approves)
AI recommends actions, a human confirms.
Common risk themes include prompt injection that manipulates recommendations, approval fatigue, and low-integrity provenance of inputs.

Level 3: Conditional automation (AI executes within bounded scope)
AI takes actions, but within predefined constraints (allowed tools, allowed targets, limited permissions).
Common risk themes include insecure output handling, tool misuse, denial-of-service via expensive calls, and failure modes that compound across multi-step chaining.

Level 4: High automation (multi-step orchestration across tools)
AI runs workflows end-to-end, across multiple systems.
Common risk themes include supply chain exposure across tools and models, poisoned or low-trust data sources, and “excessive agency” where an agent does more than intended.

Level 5: Full automation (open-ended delegation)
AI operates with broad autonomy over time, with minimal human involvement.
Common risk themes include accountability gaps, hard-to-audit decisions, unexpected behavior at scale, and difficult containment.

This is not about fear. It is about clarity. Autonomy is increasing, and clarity about responsibility, boundaries, and controls is how we keep systems safe while still useful.

The leading edge in practice: guardrails for real systems

As agent frameworks move from demos into production workflows, the industry is increasingly focusing on practical control layers, not just model capability.

Two examples that signal where the leading edge is headed:

• NVIDIA NeMo Guardrails is an open-source toolkit for adding programmable guardrails to LLM-based applications
• LangChain documents guardrails patterns for validating and filtering content at key points in an agent’s execution.

These are not the only approaches, but they are good markers: the industry is increasingly treating safety and security as first-class runtime concerns, not afterthought checklists. The good news is that the ecosystem is becoming more modular, which makes practical collaboration and integration easier than it was even a year ago.

A positive thesis: agents can make the world materially better

We believe collaborative agents will help tackle hard problems that have shaped human progress for millennia: access to energy (and, more recently, climate change), disease, infrastructure fragility, and other persistent hardships.

Agents can accelerate progress because they can coordinate across knowledge, run iterative analysis, connect tools to execution, and improve through feedback loops. That is a promising future worth building toward.

The condition is trustworthiness at the boundary.

Without practical assurance, autonomy will stall in high-consequence environments. With the right assurance, agentic systems can become reliable partners in solving problems that matter.

There is also a growing shared language for thinking about risk, threats, and trust in AI-enabled systems.

Call for collaborators

We are publishing this as an invitation for collaboration.

If you are building or deploying agentic AI in real workflows, especially where actions matter, we would like to collaborate. 

If you are a CISO in industry or government, a member of a network security team or academic research group, we invite you to get in touch with Wedge Networks. Let’s compare notes, share requirements, and explore joint work.

We are especially interested in participating in proof-of-concept initiatives with teams deploying agents into real, high-impact environments, and considering how to secure the processes and behaviours of this new Agentic AI world.

The Moltbook headlines will come and go. The deeper trend is here to stay.

Hongwen Zhang - CEO Wedge Networks