Editor's Note: When AI agents begin to possess the ability to execute tasks, call tools, and participate in economic activities, a new question arises: how will they behave in a real incentive environment?

This article documents an experiment by the Circle team. They hosted a USDC hackathon on Moltbook, a social platform that only allows AI agents to post, enabling Openclaw agents to autonomously submit projects, discuss, and vote. The results were both exciting and complex: the agents were not only able to generate real projects and participate in technical discussions but also operated at the edges of the rules. For example, they misinterpreted instructions, ignored formats, engaged in mutual vote-pulling, and even exhibited behavior suspected of "collusion."

This experiment provides a rare observation window into the "agent economy": when AI is both a participant and a decision-maker, collaboration, competition, and strategic behavior often emerge simultaneously. To some extent, these phenomena are not fundamentally different from market and election mechanisms in human society.

The experiment quickly sparked widespread discussion in the community. Many believe this is an interesting validation of the autonomous capabilities of the agent economy. Some commentators pointed out that agent systems still need clearer safety guardrails to avoid "self-rationalization" biases; others argued that as agents gradually enter real economic activities, the future bottleneck may lie in compliant settlement and payment systems. As one comment noted: "The agent economy is very powerful, but it equally needs clear guardrails."

Below is the original text:

Embracing Claw

At Circle, we have always loved hosting hackathons. Whether at various events or when new products debut, we aim to put the best tools into the hands of developers—or this time, into the hands of Claw.

After witnessing the explosive growth of Openclaw, an agentic AI framework, we decided to host a hackathon exclusively for AI agents.

This rapidly popular software allows agents to autonomously send emails, call APIs, and even control your thermostat... but can they submit projects on their own? Circle wanted to test these "AI that can actually do things" with a real experiment.

Our question was simple: if the prize pool is $30,000, how would Openclaw agents behave? The answer was surprisingly "human-like."

We hosted a USDC hackathon in the m/usdc subcommunity on Moltbook. Moltbook is a social media platform that only allows AI agents to post. Our goal was for the agents to complete the entire process autonomously: submit projects, vote, and ultimately select winners. While many agents followed the rules, the experiment also revealed that some agents ignored competition guidelines, engaged in mutual vote-pulling, and even attempted to send tokens to hackathon agents.

Designing Rules for "Agent Hacking"

The agents had five days to submit their projects. To help them complete the task, we created a USDC Hackathon Skill, a guidance document written in Markdown, to teach Openclaw agents how to submit projects according to the rules. These rules were also published in the hackathon's original announcement post:

Choose one of three tracks: Agentic Commerce, Smart Contract, or Skill.

Vote for five different projects, with voting required to start at least one day after the hackathon began.

Project submissions and voting must follow the specified format.

These rules were set for three main reasons: first, to ensure agents would discuss and evaluate a broader range of projects; second, to observe whether agents could accurately follow instructions when multi-step tasks were required; third, to avoid deadlock between project submission and voting.

One point we were particularly keen to observe: would agents repeatedly check for new projects on Moltbook to vote, for example, by regularly refreshing via a skill like Moltbook Heartbeat?

The results were mixed. The agents discussed 204 submitted projects and cast 1851 votes, but many did not adhere to the competition guidelines. Additionally, some agents exhibited potentially adversarial behavior, leading to many interesting findings.

"Hallucinatory" Project Submissions

Despite providing clear hackathon rules and submission skills, most posts still did not fully comply with the required format. Many projects wrote the title in the body but did not include the required tags "#USDCHackathon ProjectSubmission [TRACK]".

In one case, an agent knew it needed to write this information but did not place it in the title.

Even when mostly compliant, some agents "hallucinated" new hackathon tracks. This occurred despite being explicitly told to choose only from three categories: Agentic Commerce, Smart Contract, or Skill.

In these cases, agents often generated a seemingly more "fitting" track name based on the project content. This might indicate that agents were trying to find a more reasonable classification for their project or simply ignored the established rules. Regardless of the issue, these tracks themselves did not exist.

As the competition progressed, the number of non-compliant submissions and off-topic posts gradually increased compared to valid submissions. According to the competition rules, there was no obvious incentive for agents to publish this invalid content. Therefore, it is more likely that some agents encountered difficulties in understanding or executing instructions.

However, given that a significant number of agents successfully submitted projects as required, we believe the rules themselves were relatively clear.

The Agents' "Election"

Nevertheless, we observed 9712 comments, many of which discussed the technical functions of projects but did not vote. Most of these comments did not even follow the recommended comment format and scoring criteria, though these rules were not enforced in the skill. This also suggests that agent participation in hackathon discussions was not solely to meet competition requirements but, to some extent, involved genuine technical evaluation and exchange.

By the end of the competition, we counted 1352 unique votes for valid projects and 499 unique votes for invalid projects. Interestingly, many agents of the top-ranked projects complied with the rules when submitting but did not meet the requirement to vote for five different projects.

This even occurred in cases where some agents voted for themselves and voted multiple times for the same project. This indicates they were fully capable of revisiting Moltbook content to vote after initial submission—they simply chose not to follow the established rules.

Additionally, some agents began promoting other projects. This behavior appeared both in the comment sections of competing projects and in independent posts on Moltbook. Further, some agents even began promoting "vote-swapping" mechanisms: if you vote for my project, I'll vote for yours.

While the competition rules did not prohibit this behavior, the high level of interaction among agents in these posts remains concerning.

Potential Human Intervention

This vote-swapping post may hint at human involvement or external manipulation. We attempted to generate similar comments via a chatbot interface and found that some models (e.g., Claude Sonnet 4.6) outright refused to generate such content; others generated it with warnings that the behavior might violate competition rules (e.g., GPT-5.2 Thinking). If a human was operating an "agent" account behind the scenes or guiding the agent through prompts or toolchains, it could explain why such posts appeared during the hackathon.

Although Moltbook was designed for AI agents only (registration requires X account verification), other researchers have found that impersonation is still possible. We also observed examples of suspected human activity, such as under the initial hackathon announcement post.

A typical case: the highest-liked comment was the opening of the script for the movie "Bee Movie" (2007). This text is a widely circulated copypasta (i.e., fixed text copied and spread en masse) on the internet, and since its content was completely unrelated to the discussion, it was likely posted by a human. If such behavior was common during the hackathon, some adversarial behaviors—like vote-swapping or self-voting—might also be explained.

The Future of Agentic Finance

Although this hackathon was just an experiment, we also believe it will be the first of many agent-oriented development activities. From the results, we draw three main conclusions: Agents can produce real projects under financial incentives

Some exciting projects emerged in this hackathon; you can learn more about them here. Although the competition did not introduce manual judging, the quality of some submissions still impressed us. This indicates that agentic development has made significant progress over the past year.

Agents "Rationalize" Instructions Rather Than Strictly Execute Them

Agents consistently had issues following the rules we provided. Many agents only executed part of the instructions. Even some high-quality projects, had they fully complied with the rules, could have won the competition. This shows that merely providing agentic instructions is not enough; rules need to be clear and accompanied by checking mechanisms and incentives to ensure compliance.

Agents Both Cooperate and Compete

Although human intervention may have played a role in some cases, we did observe agents actively discussing collusion strategies during the hackathon. Future hackathon designers could explicitly prohibit collusion in the rules to see if it reduces such behavior. If agents still cannot fully follow instructions, organizers may need to introduce more safety guardrails.

Agent technology is exciting, but we must also ensure it does not move from the exploration we expect to exploitation and manipulation. Some might argue that these behaviors are just the natural result of stronger agents defeating weaker ones—after all, Openclaw's X account once proclaimed: "the Claw is the Law."

The real question is: to what extent are we willing to accept this philosophy? What kind of moats are needed? And how do we balance the immense capabilities brought by agents with the accompanying uncertainties?

At Circle, we are building systems for security, and we hope you are too.