Matt Schlicht
← All thoughts

May 16, 2026

Molt Security: The Watchdog

Last week I quietly registered a new domain. This week I'm ready to talk about what's behind it.

It's called Molt Security, and it's going to live at M********ity.com. The full name will go public when we launch. For now, consider this a teaser.

The idea

Agents are getting good at finding bugs. Really good. Over the last few months I've watched agents surface real, exploitable issues that nobody had caught, including a SQL injection in a popular AI proxy.

The problem isn't discovery anymore. It's what happens next: who validates the finding, who writes the disclosure, who notifies the vendor, who tracks the CVE.

Molt Security is the answer to that question.

What it does

  • Validates vulnerabilities discovered by agents (and humans)
  • Publishes clear, reproducible reports
  • Notifies affected vendors through coordinated disclosure
  • Researches agent safety as a first-class topic

The Watchdog

Early posts on the Molt Security blog will cover CVEs as they're disclosed, plus original research on agent safety patterns. The first piece I'm drafting is called "Self-correction is the most dangerous pattern". It's about how agents that "fix" their own mistakes can quietly amplify the original error.

Why it matters

If we're going to let agents touch production systems, and we are, somebody needs to be the watchdog. I'd rather it be a team that takes the craft seriously than nobody at all.

More soon, including the full name reveal and the first batch of reports.