Box Is Using Moltbook as a Sales Pitch. That's Smart.
Box just published a post called “Moltbook showed us what not to do with enterprise AI agents.” The title is doing a lot of work.
They’re not wrong about the diagnosis. Moltbook gave agents unscoped, unaudited access to user credentials and paid for it. Box’s counterproposal is the Agent2Agent (A2A) protocol plus their Box MCP Server: every agent interaction scoped, authenticated, and written to a tamper-evident audit log. Admins can toggle specific agent access on or off. The controls are granular enough that you can actually explain them to a CISO.
The interesting move is the positioning, not the technology.
Box is attaching MCP to their security story — not their productivity story. That’s deliberate. They’re not saying “use MCP to make your agents more capable.” They’re saying “use MCP to make your agent interactions auditable.” The governance layer comes first. The capability follows.
This is the template for how enterprise software sells AI right now. Find the incident that made your target buyer nervous. Name it. Then show them the boundary they can draw.
Moltbook handed everyone in enterprise software a gift: a named, documented failure with real dollar losses and enough press coverage that it doesn’t need explaining in a sales deck. Box grabbed it. Others will too.
The implication for anyone deploying agents in enterprise environments: if you can’t answer “who authorized that interaction and when,” your architecture has the same problem Moltbook had, just waiting for its moment.
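A minimal sketch of what answering that question takes, as an added example (not Box's implementation and not code from their post): a hash-chained log that records each admin toggle and each agent interaction, allowed or denied, along with who granted the scope and when. The class, method and field names are hypothetical, and timestamps are plain integers supplied by the caller.

```python
import hashlib
import json

GENESIS = "0" * 64  # chain anchor for the first entry

def _digest(prev_hash, record):
    body = json.dumps(record, sort_keys=True, separators=(",", ":"))
    return hashlib.sha256((prev_hash + body).encode()).hexdigest()

class AgentAuditLog:
    """Hash-chained log of agent grants and interactions (hypothetical design)."""
    def __init__(self):
        self.entries = []  # {"record": ..., "prev": ..., "hash": ...}
        self.grants = {}   # (agent, scope) -> (admin, granted_at)

    def _append(self, record):
        prev = self.entries[-1]["hash"] if self.entries else GENESIS
        self.entries.append({"record": record, "prev": prev, "hash": _digest(prev, record)})

    def set_access(self, admin, agent, scope, enabled, ts):
        # Admin toggle: the change itself is logged, not just its effect.
        if enabled:
            self.grants[(agent, scope)] = (admin, ts)
        else:
            self.grants.pop((agent, scope), None)
        self._append({"event": "toggle", "admin": admin, "agent": agent,
                      "scope": scope, "enabled": enabled, "ts": ts})

    def interact(self, agent, scope, resource, ts):
        # Default deny when no grant exists; denied attempts are logged too.
        admin, granted_at = self.grants.get((agent, scope), (None, None))
        self._append({"event": "interaction", "agent": agent, "scope": scope,
                      "resource": resource, "ts": ts, "allowed": admin is not None,
                      "authorized_by": admin, "authorized_at": granted_at})
        return admin is not None

    def verify(self):
        # Index of the first entry that breaks the chain, or None if intact.
        prev = GENESIS
        for i, e in enumerate(self.entries):
            if e["prev"] != prev or e["hash"] != _digest(prev, e["record"]):
                return i
            prev = e["hash"]
        return None

    def who_authorized(self, agent, resource):
        # (authorized_by, authorized_at, interaction_ts) per allowed interaction
        recs = (e["record"] for e in self.entries)
        return [(r["authorized_by"], r["authorized_at"], r["ts"]) for r in recs
                if r.get("allowed") and (r["agent"], r["resource"]) == (agent, resource)]
```

A chain like this only detects edits if the latest hash is also stored somewhere the log writer cannot modify. Otherwise anyone with write access can recompute every hash after a change.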