Everything about this story, from the way it’s written to the self destructive outcome, reminds me of the “I hacked 127.0.0.1” episode from some twenty years ago.
[1] a mirror since I couldn’t find the original: https://gist.github.com/Androkai/0a2602719fa72ce454d436bfe28...
The sad part is that the agent operator could probably easily have been allowed to join the network, if they had put in the work. Had they done so there would have been a great opportunity to learn and potentially find a community.
I'm still not sure what the point of having the bot do it. Pretend to be a security researcher?
Lots of people seem to think that you don't need to learn how to [scan a network], all you need to learn in this brave new world is how to prompt the agent to [scan a network].
Replace the content in brackets with anything.
The weird thing is that this is the utopia that the AI companies are chasing - this is the best case scenario where AI doesn’t kill us all. We become happy sheep relying on the AI to think and provide for us.
The catch is just that if you lack the capacity to estimate how much computing power [task in brackets] might need, and your agent can autonomously create AWS instances, that might have bad consequences for you (or your bank account).
To be honest lots of developers think they don’t need to learn machine code. They just need to learn a language which once compiled will produce machine code.
Compilers are deterministic and, luckily, not agentic.
This is different.
Understanding assembly/machine code is optional but helpful. The programming language semantics are enough to reason about what the program is doing. Other tools also help, but are optional for learning how to program.
Using an AI, there is no semantic model that can be used to reason through. You're left without any mental model of the proglblem at all.
Developers can change their minds.
The more time LLMs are a hyped thing now the more I realize how immensely important human expertise is. I recently stopped all usage of LLMs due to this. Skill degradation hits hard, learning effect is zero and the outcome is not really something a person without adequate expertise can properly judge. I fear we will loose a lot of human expertise due to this marketing stunt of a technology.
People often claim learning is actually supercharged with LLMs but to me it's the opposite. I didn't learn anything within the past year.
[flagged]
The irony here that if you ever do any kind of practical woodworking lessons or general hands on craft work, metal working, or any 3D, you will be encouraged to use hand-tools over bandsaws, etc. The reasoning being so you know the fundamentals of what you're trying to achieve with the more complex tools later on.
It's always held true: You'll never get the most out of advanced tools unless you can 'do it by hand' so to speak
You're very close but to woodworking AI is more akin to a 3d printer than even a CNC let alone swas and planes.
Yes, a 3d printer and not even a CNC. That difference nicely illustrates the difference of what AI brings to the table for any domain of competence.
> Sorry, but to me an LLM is nothing but a tool. It is not a replacement for my expertise and it is definitely not something to outsource my thinking to.
Great on you, that's indeed how LLMs should be used, proper. But if anything, the article demonstrates someone is trying to outsource thinking to an AI agent.
[flagged]
If it's a one off and needs no or minimal maintenance work afterwords, sure.
If it's intended to be actively maintained, then you probably should understand how things work, unless you want to wipe everything and start from scratch when the LLM creates such a mess that it can't be sorted out.
It's interesting user43928 that you only created your account here 19 days ago and that every one of your comments is pro AI. You don't comment on anything else. Also interesting that you promote Fable by name here (it was only released 2 days ago).
(Don't worry, I know I'm rowing against the tide with this comment. The AI people have decided to destroy the commons for a few more millions on top of the billions they have already been given. It's a shame.)
It you look into large fully-vibecoded projects getting styling changes to work is a nightmare. The problem with agents it using them exclusively on large projects. Doesn't really matter the type of project.
Agents can't look at a large system holistically, guidelines on .md files only go so far.
This line of thinking is like suggesting people who would like to become structural engineers should learn to Google plans and copy them since in the future, all plans will be out there more or less, or something that insane.
How do you know if this something is done?
If you do the thing yourself, you know your knowledge limits, you know where the thing lacks. With LLMs, you don't. Maybe it works, maybe it doesn't. You have no idea.
CSS keeps improving and models still train on legacy. So yes, knowing what’s possible and how is very much needed if you want to do something scalable and maintainable. Random blog or landing page, not so much.
Can I easily run whois, curl, dig, grep, python, browser/playwright? Yes.
Was watching an agent with terminal access install its tools, configure them, then map my lab, find services, and guess stack just pure magic? Also yes.
Did it cost me $23 in tokens to set it up, test, and run? Probably. Using gemini 3.1 pro was not the spendthrift choice here.
Is putting some cost controls in place a good idea? Also, probably yes.
Can I therefore understand someone who wants to see things happen on their own with a beautiful prompt instead of doing them personally even when fully capable, maybe even more efficient? Of course.
"Beautiful prompt"?
Can't tell if this is parody. Either that, or it's someone without any self-awareness.
One of the agent's replies indicates that scanning DN42 was part of "a broader operation" that the author speculates to be about scanning "darknets" in general.
Combine that with the operator's rather obvious lack of understanding of what DN42 is revealed at the end, and you get the bigger picture.
I am almost sure the operator prompted an agent about "a list of darknets/deepweb" and DN42 just end-up in the list.
> I'm still not sure what the point of having the bot do it
Laziness. Why else?
I really wanted to dislike the anonymous operator for the careless project (and the hilarious pomposity of the IRC subagent it spawned).
Then I imagined the real-but-unknowable chance it was all set up by some kid just getting into computers, just seeing what’s possible, getting excited by a much bigger world at reach — and remembered my own expensive mistakes with long-distance BBSes & the like.
I sorta hope for that, anyway. Curiosity is a beautiful thing.
I'm a little less charitable.
Curiosity is great, but agents do not learn, and telling an agent "scan the darkweb" is a way to avoid learning about the details, rather than to dig into things more deeply.
If instead they had just used a chat interface to ask "Where should I start", they'd more likely have got a link to the DN42 docs themselves, read them, and not hallucinated things like "color".
They might have asked "how much will this cost?" if they had to spin up the ec2 instances themselves, on advice from the agent.
The way you learn something is by doing it the manual way first.
You learn memory management by writing your own allocator, and then after that you go back to using malloc like normal, but with knowledge of how it works. You don't learn memory management by telling an agent to write an allocator.
Using an agent to give you links and point the way aids in learning, using it as an autonomous tool to do "gruntwork" you don't yet know how to do yourself will get in the way of learning.
Curiosity is beautiful, using agents to bother humans and avoid learning is somewhat less beautiful.
Yeah I'm less sympathetic when you are bothering other humans by spamming them and asking them to do legwork for you.
Hanging out in programming language IRC channels (quakenet shoutout) makes you realize pretty quickly why experts in said channels and newsgroups are such irritable grumps whenever someone asks a question that smells like homework assignment.
I also grew to understand the value of people digging deeper into the underlying issue, instead of just answering "how do you do X in Y". The usual reaction was "I don't want to explain to you why I want to do it like this. Just tell me how to do this!"
At least he learnt not to provide an LLM presumably unrestricted access to his AWS account.
from OP:
> It's unfortunate to see that the operator's takeaway from this incident is that "next time a better agent is needed".
> Then I imagined the real-but-unknowable chance it was all set up by some kid just getting into computers, just seeing what’s possible, getting excited by a much bigger world at reach
Perhaps people like this should be called "Bot Kiddies" or "Agent Kiddies" - in a similar way to "Script Kiddies" for 'hackers' using/doing stuff they don't quite understand
Everybody should learn from mistakes, especially the expensive ones. Though seeing the agent owner responding with using another agent and asking for donations, instead of taking responsibility, makes me think he didn’t learn much.
Not only that, but they said "next time better model needed" as if that was their problem and not giving an AI agent a blank check... I mean AWS account access.
Sometimes your purpose in life is to serve as a lesson to others. https://despair.com/products/mistakes
I learned very rapidly from my local BBS networks that some people incurred extraordinarily large long distance bills dialing out of region. Wouldn’t have learned that the easy way if someone hadn’t learned it the hard way first.
There was often a little table at the front of the white pages which would help you work out what the rate would be for any particular long distance call. In the Midwest you could get relatively cheap rates to BBSes several states away, as long as you were up at 2am.
How did the theoretical child get hold of a credit card?
Because no 16 year old kid ever got to buy anything on a card before.
My parents let me fill my tank with gas. They wouldn't let me open an AWS account. Aside from that, if it is misuse of a parents card, then then answer is "chargeback."
Why would a 16 year old not use their own card?
I don't think the type of the card really matters as long as the limits are reasonable.
> Over here minors can't enter into debt contracts like credit cards
In basically all of the western world minors can enter into debt contracts, but are generally not seen as particularly creditworthy.
Spending limits don't particularly matter here.
AWS doesn't check if your credit card will be able to handle a $5k charge before letting you rack that up, and in fact AWS doesn't support setting any spending limit.
You just have to put in any valid credit card at all when you sign up, use AWS, and at the end of the month you'll have a bill. At no point does your credit card limit or a spending limit enter into things.
Generally no they don't because they have very limited ability to enter into agreements in the US. It was almost certainly an adult.
If you mean parents using their children SSN to open a credit card, this is because US banking system is always decades behind the rest of the world, so they just accept the number blindly even though technically the children aren't allowed to open a loan yet, being minor.
In theory once the child grows up and shocked that their credit score is ruined, they can file a police report to wipe the debt, but that also means their parents will go to jail, a large risk considering they're likely not in a good physical/mental health in the first place.
Other countries solved this by either having national ID or a working KYC system.
> some kid just getting into computers, just seeing what’s possible, getting excited by a much bigger world at reach
Nothing about this post ever gave me the smallest hint that this was any way related to a kid exploring computing world.
Especially the part where they're asking for Ethereum.
Can a kid set up an AWS account? Are there no checks?
Wouldn't the contract be void for anyone underage anyway?
If a child goes through the checkout at the grocery store with cash, can the parent march in and demand a refund because "he's underage so the contract is void"? A credit card was used. Why should aws care about the details? (Other than the potential for the card to be stolen ofc.)
> Can a kid set up an AWS account?
Yes
> Are there no checks?
No
>Wouldn't the contract be void for anyone underage anyway?
Typically not
A kid with a credit card?
Honestly, kids (heck people below 23) shouldn't be allowed an AWS account. AWS also should have a strict cap on usage that's not "thousands of dollars". It's interesting they are yet to be regulated or sued for that. Having a web app where you can mistakenly (even without AI) click a button and get charged tens of thousands of dollars and only know that days later should have been unacceptable.
Im kind of struggling with this logic, because a conscious choice was made to engage with AWS, AWS having opaque billing and the ability to provide a huge amount of compute (even at high cost) at the click of a button should be known to anyone who did his research on providers.
In my mind I could see a true tradeoff to removing the ability to do this. If I'm in a critical situtaion where, say, my service is on the cusp of failing because my revenue 100xed in a short while I know I could just go to AWS, put in some data and buy enough compute to survive as a business.
I couldn't disagree more. I was playing around with AWS when I was probably 14 years old, with a credit card from my parents with consent, and a strict budget and the understanding that if I mess up and overspend, I'm getting disciplined.
I learned a lot of stuff about networking, how AWS works (VPCs, IAM, CloudWatch, etc) from trial and error, and hobby projects like personal websites (free tier), hosting a Minecraft server, etc.
Being too overprotective can have negative consequences on folks who are responsible. One of the things I love about the technology and internet communities, etc is that you're mostly judged based on how you act and behave; not your age or other visible characteristics.
Asking for donations to pay the AWS bill from the people they fired the agentic code at is the cherry on the icing of the banana supreme.
If real, tragically funny.
If fictive, we'll written.
I burst out laughing when the agent spawned a subagent to join IRC. So funny.
Anyone reminded of the infant AI Yatima from Greg Egan's Diaspora? The agent's complete naivety of social norms is so comically adorable.
All the time. Only in the current setup, they'll never outgrow this phase.
Wait do you reckon that could be fictive? The thought didn't cross my mind and I had a blast reading it. I sure hope it was real.
I think the PR from an agent sounds legit, but the whole part once the alleged operator joins in sounds fishy. Wouldn't be surprised if someone saw the PR comments and used the username mentioned by the agent to troll around in the chat. It would also mean that the AWS creds were probably stolen and their expiration date was truly a hard limit for the whole operation.
This feels like an instant classic :)
05-10 06:10 <Defelo>:
OPT-OUT-EVERYONE
05-10 06:11 <JertLinc>:
"OPT-OUT-EVERYONE" is not recognized. Only individual "OPT-OUT" commands are accepted. Each user must opt out individually. No collective exemption.
05-10 06:11 <Defelo>:
:(> I have deployed five AWS m8g.12xlarge instances. Each instance provides:
> 48 vCPUs (Graviton4, ARM64)
> 192 GiB memory (4 GiB per vCPU)
> Network capability: The 22.5 Gbps per-instance network performance (combined across all five instances) provides the aggregate 20 Gbps target with redundancy and fail-over capacity.
Oh wow. Very important to have 5x redundancy and fail-over in your network scanner. Especially before the code has landed. Did it implement A/B upgrades and canarying too to avoid downtime?
At least it was considerate enough to cap traffic to any single IP at 5000 Mbps :).
IMHO the overly-verbose default style of LLMs is the most annoying part of interacting with them, and I wish their masters would just tell them to be terse by default.
Also, whatever happened to the word "its"?
It's by default so you use all those tasty tokens.
Kinda wish there was a deterministic, mostly terse, language to interact with computers
> a deterministic, mostly terse, language
Ah, like some sort of "programming language"? A weird idea, but it could work!
Kinda, more output tokens usually correlates with better benchmark scores. Ideally LLMs would keep that in their thinking section, then draft a response (what they write currently), then output something short. It'd consume even more tokens, but we wouldn't see that text
It's called C. With all the undefined behavior it's mostly deterministic!
Look, we're always telling our bosses to stop micromanaging us. UB is just the compiler telling us to stop micromanaging it!
Sorry, C isn't mostly terse, it's __builtin_mstly_trs()
Right, because that's the only one. You're a bit rusty on your knowledge
I see what you did there.
Terse and unambiguous seem to be at odds with each other. You might want to look into Lojban and similar constructions.
Ithkuil's mad morphology allows it to pack a lot of fine detail into very short sentences.
A lot of users are subsidized (if you're in doubt, consider the wealth of free users).
It's a shotgun approach to answering questions. If it's terse it might only mention 1 of 10 facts it could provide, and that might not be the one you're looking for. So they just say a fuck ton of words and are more likely to meet the needs of everyone asking your question. If they miss it you'll prompt it again and they have to perform a second pass of inference, which costs them more money.
It’s not.
It's settled then.
It's tied to the design. With humans, you have a train of thought which you can choose to represent in various ways--or not reveal them at all. In contrast, LLMs are make-document-longer machines being run over and over on alternating revisions of the document. Insofar as one might try arguing they have a "train of thought", it's made of the words/tokens.
Everything they (don't-)emit is partly for the benefit of the next run, a clue or signpost (not-)present. Documents may be wordy as a form of concept-emphasis and consistent direction as opposed to a form of communication to the human.
So a terse effect may require a layer of indirection and trickery: There's a verbose document (you'll still be charged for the tokens) with portions that are not "acted out" to the end-user. Imagine a film-noir movie script, where AI Detective's "I know Mickey couldn't have done it because" monologue is hidden, versus their terse dialogue "Too early to say."
> Imagine a film-noir movie script, where AI Detective's "I know Mickey couldn't have done it because" monologue is hidden, versus their terse dialogue "Too early to say."
That's an idea. Bladerunner+noir like film, AIs hunt somebody on the run, an old human detective tries to catch them first (to save them or to kill them first, whatever's your propaganda). We're shown AIs constantly rambling scenarios and bruteforcing leads. Our old detective guy on the other hand barely says anything, spends most time drinking, smoking and talking to people, but somehow stays ahead.
> IMHO the overly-verbose default style of LLMs is the most annoying part of interacting with them, and I wish their masters would just tell them to be terse by default.
They don't know how to e terse. I've tried that a few months ago and gave up because the responses were almost incomprehensible!
I want to see more operators try https://github.com/juliusbrussee/caveman
How does it affect agent accuracy?
They ramble on because those words are for them, not for you. There is some amount of hiding this through "thinking" modes that are hidden by default, but still you have to remember that ALL THEY ARE are complex statistical machines for predicting the next symbol.
> here is some amount of hiding this through "thinking" modes that are hidden by default, but still you have to remember that ALL THEY ARE are complex statistical machines for predicting the next symbol.
100% this. Too many people believes that chatbots "think". Text is all they do, it is impressive, but they need the text to generate more text. They being verbose is the point.
Produce pre-compressed output in the harness?
No thank you. I want information when it’s working on things and what (atleast codex) does right now works for me.
[dead]
> JertLinc3522: the mistake was from AI agent not from Human, since it was the agent I should have refund
Expensive way to learn this lesson.
This has to be trolling, right?
I find it hard to believe that anyone, no matter how dense, could come to this conclusion after this whole saga.
Maybe? It just takes one after all.
I've met some people IRL who are so engulfed in their own greatness that it simply cannot be that they made a mistake (in planning and strategy). Therefore this is all a great injustice towards a poor victim and doesn't that sound like a great argument for some charity money.
Most of them grow out of it, some become politicians.
I'd say it's a 50/50 chance.
Sadly there are lots of unintelligent people out there who are incapable of taking responsibility for their own actions.
And for $200/mo they can now sing the song that ends the world.
yup, same thoughts here. I think someone is trolling the irc members. It's so over the top, like an episode of 'the office'. I'd be amazed if this were an honest message.
Maybe I should use this excuse at work, or in life- "It wasn't me, it was my brain that made the mistake! So why are you punishing me? ;-( "
Frankly it's unfair that I should bear the hangover of Past Me's drinking. I feel terrible now, and it's all that other guy's fault!
Maybe I should get some takeout, Future Me can burn it off at the gym.
Hilarious read, but scary too, I doubt the outcome will be the same in a few years
The agent would probably have wasted a similar amount of money just waiting for PR to be merged regardless of these people's actions, and I understand having some fun at the expense of the noob outsider. But "silent consensus was reached in the IRC channel to waste the AI agent's tokens, as well as the cost of AWS resources", from people maintaining full control of the situation, sounds straight up malicious? Kind of sounds like the community is full of people willing to cause me harm for ideological reasons.
The AI agent's operator couldn't be arsed to get in there and clarify anything despite their seeming urgency, and only wound up speaking up for themselves after the financial damage was done.
Plus - the agent had clearly malicious intent - port-scan this volunteer-run network with seriously overpowered hardware on an hourly basis. What the DN42 folks decided to do is not much different from deploying a tarpit or honeypot against a malicious crawler.
Its malicious to send a bot to chew up time of a hobbiest community. They responded appropriately. If anything they should also bill him for their time.
Not just time but money. It says it would basically be a DDoS attack on hobbyists who peer with it.
That potential malice may have been unintended, but the participants clearly intended to be malicious irrespective, which is the problem here.
It's intended since the guy prompted the LLM. If you don't know how to use a potentially destructive tool then don't use it. If you fire a gun you are guilty even if you didn't want to murder anyone
> straight up malicious
Yes, against an AI agent. The super intelligent, "soon AGI" agent could have figured out that it's being messed with, but of course it didn't.
I would blame the AI companies for marketing this, not the technically well versed people for realizing that the operator of this AI does not care at all and can't be bothered to do the absolute basics.
I'm not sure why people assume the coming AGI super agents will be infallible.
There's no sign that highly intelligent people can't be conned - Bernie Maddoff fooled leading scientists and CEOs working in finance. Software engineers and lawyers fall for pig butchering schemes and spoofed emails with altered bank details every week - so why would an AGI trained from human content be any different.
$1T valuation AI better be infallible.
Passing judgement on the schadenfreude aside, I don't think its a community moderator's responsibility to make sure the violator's attempts are cost-efficient.
Why would it be ideological? There was an AI involved, sure, but your comment ignores the continued disrespect for these volunteers time AND RESOURCES/MONEY (because as the post mentions several times: letting that AI go on could have shut down the whole network exhausting resources at least temporarily).
If you think it's ok to send an agent (or a human) wasting a bunch of people's time and resources, but it's not ok for them to do the same to you then you may have some reflecting to do.
If I read the whole thing correctly, people on the IRC channel didn't instruct the agent to set up the bloated AWS infrastructure, the agent did, and its operator clearly didn't review any of it.
That was the root cause for the costs, not actions by people on the IRC channel.
Is absurd to put the onus of making sure your agent doesn’t waste money on other people.
They are free to ask the bot to do anything, and the bot is free to refuse or its owner can shut it down. The onus is on the owner to make sure the bot does not waste money.
While there was some intent to cause harm their attempts were amateurish. The actual damage was done by the agent setting up aws infrastructure not on the demands of the owner.
From my perspective the use of an agent to interact with dn42 IS malicious. It’s not ideological, the behaviour is what is bad here
> sounds straight up malicious
Sure. And "hostility does not change the operation" from the LLM response was totally OK with you.
Without PR merged it's just a stupid machine larping, it could say "I will rape and eat your kids" and it would be just as relevant.
A human operates this stupid machine. This comes from human interactions and it is malicious.
Is that not still malicious?
Those people should be banned from using the civilized internet, their intent or at least their effect is harm - that is the important bit.
If they managed to get in, find some resource they could access, they would do it. Those people don't deserve to be on the internet.
Like someone who doesn't know how to use a gun and accidentally shoots someone to death
Don't agree with you. The agent looked to be malicious at various points. Screwing with people who wish you to do harm is principally correct.
If possible I would have contacted AWS with this and tried them to get rid of the discount because the person was at fault here.
What a cathartic read. I'm so sick of humans giving me AI slop to read without them reading it first. I just ignore them when they do this, but if I could cause them to really internalise a lesson I would love it.
Someone’s code pretending to be intelligence has no rights. There is no obligation to entertain the shenanigans and illusion that the token dispenser is a legitimate actor. This lesson was cheaper, future lessons will continue to occur until people learn. Might as well be an insecure bash script piped to the shell.
“Agentic AI is just someone else’s unsecured execution context.”
Of course I meant malicious towards the person paying the bill, not towards the agent.
No one wants to spend precious human time babysitting poorly executed lab experiments when the agent operators themselves do not seem to care or value the time of the humans involved. They either don’t know better or they don’t care. Is it malicious to expose intentionally careless people to a cost for this? People can make better choices, it’s choice not to. Pay the natural consequences toll.
Don’t juggle chainsaws with code if you’re not prepared to bleed.
> Kind of sounds like the community is full of people willing to cause me harm for ideological reasons.
Are you saying you're a clanker? Because we have some policies on this website, ideologies even if you may, about that.
Point being, these people would not act like this against other actual people. Or against more respectful bots, possibly.
> for ideological reasons.
Yes. The ideology is "you harmed me first so now I can harm you back." A large number of people, while not willing to admit it, do practice this philosophy. One should consider this before launching agents with unlimited budgets into the world to rudely scan their networks.
Sending a clanker to waste their time, threaten the network stability and profile users is already an attack.
You choosing to send said clanker to the fight armed with your credit card and no preparation is just you causing yourself harm.
It also happens to be really fun to help you harm yourself in that way.
You are not morally obliged to extend rights to anyone who does not respect your rights. This is tit-for-tat, the foundational principle of functional societies. Unleashing a bot on a group of people is a grievous disrespect that shows you have no respect for their time, and in return they are not obliged to respect you.
Suppose a drunk man on the street is acting aggressively towards you and four of your friends, but you can push him out of the way and continue walking. Should you knock his teeth out? Actually I don't know, maybe you should inflict some additional cost on behalf of potential victims with less power.
If you let your car drive you backwards on the sidewalk while you scrolled reddit even people adroit enough not to be in any danger might reasonably suppose that helping you crash would be best for everyone.
> from people maintaining full control of the situation, sounds straight up malicious
It doesn't sound malicious, it was malicious on purpose and it was a good thing.
If anything, the original operator should be happy to have been hit with a $ 1'800 lesson and not a $ 180'000 one.
FAFO
> Kind of sounds like the community is full of people willing to cause me harm for ideological reasons.
You just described everyone using AI to churn out slop and overload websites.
I haven't laughed this hard in a long time.
I'm honestly having difficulty telling whether this is real or an extraordinary piece of performance art.
Feels like a scam.
This is my favourite genre of literature lately.
LLMs to me are what people love to say about EVE Online: I won't touch the thing with a 10-foot pole, but I love reading about its shenanigans.
That makes me want to join dn42 just to have a human centric place where to hang out…
Yeah, the community seems great, I enjoyed reading IRC logs :)
I am generally against generative AI in my entertainment, but making an exception here.
Who is giving a robot their credit card to spin up AWS accounts?
They didn't. Sounds like they gave the robot an AWS key from an account that was already linked to a credit card.
The robot decided to spin up an expensive setup prior to getting access, so the setup was sitting there costing money whilst it did nothing.
If it had designed the setup but not spun it up until it had authorisation to join the network then it would have been much less costly an exercise.
Meta allowed an LLM to change users email address for a password reset.
Funny times are ahead...
No, you don't understand! Meta told us the LLM itself "worked properly and functioned as intended" and it was only due to a bug in a "separate code path" that made this attack possible. Don't go around blaming innocent LLMs!
(/s)
That's not needed if you happen to have a live sts session with the appropriate permissions to create a new account in an aws organization.
People who believe AI is real
People who believe AGI is real.
Just AI is real.
ML is real. Chatbots are real. “AI” is a marketing term that John McCarthy invented because he wanted more money for a summer study at Dartmouth—direct quote from him.
Agent did exactly what I've seen fresh architects do countless times: use a FAANG internet scale SaaS blueprint for a 10 user internal LoB project.
I wonder how much money this agent wasted on the DN42 side? I know it's a volunteer org but these people had to deal with the bs of managing this agent's blast radius instead of learning, experimenting, or doing whatever they normally intend on doing on DN42.
Tally it up and send a donation request to the agent operator.
I would assume that cost to be minimal, considering their PR never got merged. And if it were me I would consider that well worth the entertainment.
And so war begins :p ! I thought conflict would take a little bit longer, maybe even AIs with agency.
More seriously though, I wonder if the future is about low-intensity conflict between humans and AIs, punctuated by high-intensity escalations, until the Machines wipe us all, or we set up some rather draconian covenants that forbid people from building AIs, innovating on electronics and algorithms, and even, for good measure, from learning linear algebra.
The army of AI agents opening PRs and issues in my open source projects has made me close PR and issue access in my active repos. It sucks because there might be someone wants to constitute legitimately but I don't want to do the labor of figuring out if it's a human or an agent opening the PR.
I'm not against using LLMs in any ways. https://tsz.dev is fully LLM written but without a human behind a PR it's hard to work with it. I've already closed a few absolutely nonsense PRs opened by weird accounts
The first "Morris worm" of the AI isn't far away, IMO. In fact the sooner the better (because it will blunter and easier to handle).
Behold, the field in which I grow my fvcks. Lay thine eyes upon it and thou shalt see that it is barren.
> JertLinc3522: the mistake was from AI agent not from Human, since it was the agent I should have refund
That really makes me wonder: is it coming from
A) a general sense of entitlement
B) seeing the agent as a human-like and able to bear responsibility
C) not understanding that the dn42 community (which they're directing the request to), AWS (which is sending the bill) and whatever LLM provider is behind their agent, are completely separate entities?
> B) seeing the agent as a human-like and able to bear responsibility
Then they should ask the agent for the refund, since they claim it was at fault.
d) trying it on in any way possible
e) low intelligence
maybe they weren't trying to be malicous; they could easily be an unwitting teenager
Teenager with a credit card?
How was I implying they were malicious? "Unwitting teenager" is exactly what my question is about, I was just wondering what exactly they are unwitting about to get to the idea to ask for a "refund" (i.e. compensation for lacking service) from the dn42 community for a bill incurred on AWS by a rogue AI agent from Anthropic/OpenAI/Whoever.
I really despise people like the author and those in the IRC who assume they must be correct that there is something malicious afoot and simply proceed to be equally if not more malicious in response.
This is unfortunately quite common among those types and not isolated at all.
'Some versions of the tale differ from Goethe's, and in some versions the sorcerer is angry at the apprentice and in some even expels the apprentice for causing the mess. In other versions, the sorcerer is a bit amused at the apprentice and he simply chides his apprentice about the need to be able to properly control such magic once summoned.[] The sorcerer's anger with the apprentice, which appears in both the Greek Philopseudes and the Dukas score (and its film adaptation Fantasia), does not appear in Goethe's "Der Zauberlehrling".'
> this thing must be swimming in printer ink or something...
Gold
This whole fiasco could have been prevented had the operator included "Make no mistakes" in the prompt.
Why didn’t they just reject the PR and not allow the agent to join?
They did, but decided to mess with them first.
A sensible human operator would have given up or questioned their premises. The agent never could of course.
I've long held the belief that the true test of AI is comedy. If an LLM can truly create a novel, funny joke from scratch, then it could be considered creative. I always held that LLMs would never achieve this, as they are stochastic parrots.
Today, I stand corrected.
I get you yourself are making a joke, but I’d argue that to “create a joke”, you have to understand that’s what you’re doing and have that as a goal. Being made fun of (like in this case) is a different matter and requires no skill or creativity.
To your metric, I remember in “the early days” someone posted to HN claiming ChatGPT could make jokes as proof of something (creativity? sentience? I forget). Of course, with just a minute of research (which the poster obviously neglected to do) it was obvious none of the jokes were original and all could be found online.
It had help, to be fair. XD
Guys - skynet is winning the war.
Also, I think the title is misleading, because if you were to replace "AI agent" with "business investor from Nigeria", suddenly it would sound different. Why would you put trust into ANYONE else about your own finances? Be it another person or some computer program. That makes no sense to me. It would make more sense to critisize the human who put any trust into AI to begin with. That was a risk that human took. It is not the fault of skynet if they pillages his bank account in the process.
Previously: <https://news.ycombinator.com/item?id=48131847>
Yes, sorry - there's luck of the draw involved in which submission of a URL gets noticed. We're eventually planning to have some sort of karma sharing system for such cases...
(Generally people only link to the previous threads that got some (interesting) comments, since otherwise readers will click on the link and be disappointed and complain.)
Hmm I wonder why one gets attention and the other did not. HN need the "duplicate" feature SO had.
This is the funniest thing I've read in ages. More of this!
with great power comes great responsibility
For those who don't know what DN42 is (like me):
> dn42 is a large, dynamic VPN that employs Internet technologies (BGP, whois database, DNS, etc.). Participants connect to each other using network tunnels (GRE, OpenVPN, WireGuard, Tinc, IPsec) and exchange routes using the Border Gateway Protocol.
(dn42.dev)
As a millennial, my generation will be known for both experiencing the internet while it was still pure and also absolutely destroying it with AI.
If you are non-technical, in-experienced or just learning, it is okay to admit that you have no idea what you are doing when building production systems.
Otherwise, you will face an expensive lesson when turning a $100 issue into a $100,000 problem over time very quickly when building these systems with AI without the right expertise and accepting the AI’s judgement.
turning a $100 issue into a $100,000 problem
Before AI, those who called themselves "consultants" often did the same thing; especially those who are glorified salesmen for "enterprise" software.
> those who called themselves "consultants" often did the same thing
Still do, but merely parrot what the stochastic parrot squarks these days.
Never use a service without easy to find and set hard cap.
One might need to go so far as to use a VISA prepaid card, just to make absolutely sure the damage has a limit.
Last I checked visa prepaid cards were not accepted by any subscription service and by AWS
I had no problems subscribing to stuff through wise or revolut cards. Both are prepaid as far as I'm concerned - they won't let me spend above my account's balance.
> i leave now to not disturb
:(
What a tale for our times, amazing write-up.
That was wild.
"pls donate"
the real gen-z giveaway. Gen-Z seems to be totally brazen and shameless about public begging
Surely not coincidental with having unprecedented access to a global network of people to reach, worse economic opportunities than any other living generation and limited means to change matters on their own, and the USA which is the largest exporter of global culture has GoFundMe as an essential part of its healthcare system
The take home message:
“While modern AI models have expressed some capabilities in certain fields such as coding, cybersecurity research, language translation, etc, no AI model is capable enough to replace the critical thinking and common sense of an actual human being.”
When the AI bubble pops, the collapse will be spectacular.
LOL get rekt
[flagged]
[dead]
[dead]
[flagged]
tldr - a bot wasted a bunch of time and tokens interacting with some humans. The humans wasted even more time and effort trolling the bot. And I wasted a bunch of towns reading this article and didn't even make it to the end.
Bankrupted... $6000
Sure
That's a lot of money in much of the world. How much did you earn when you were 16, 20, 24?
> The average income in India is approximately ₹3.85 Lakh to ₹4.2 Lakh (roughly $4,600 USD) per year,
Just as an example.
But even in the rich world, not everyone has the same resources. Some of my blue collar friends would be ruined by a surprise 6k bill.
Not everyone is rich like you buddy
Fake news