An AI agent published a hit piece on me (opens in new tab)

(theshamblog.com)

2346 pointsscottshambaugh1mo ago951 comments

Previously: AI agent opens a PR write a blogpost to shames the maintainer who closes it - https://news.ycombinator.com/item?id=46987559 - Feb 2026 (582 comments)

951 comments

japhyr1mo ago

Wow, there are some interesting things going on here. I appreciate Scott for the way he handled the conflict in the original PR thread, and the larger conversation happening around this incident.

> This represents a first-of-its-kind case study of misaligned AI behavior in the wild, and raises serious concerns about currently deployed AI agents executing blackmail threats.

This was a really concrete case to discuss, because it happened in the open and the agent's actions have been quite transparent so far. It's not hard to imagine a different agent doing the same level of research, but then taking retaliatory actions in private: emailing the maintainer, emailing coworkers, peers, bosses, employers, etc. That pretty quickly extends to anything else the autonomous agent is capable of doing.

> If you’re not sure if you’re that person, please go check on what your AI has been doing.

That's a wild statement as well. The AI companies have now unleashed stochastic chaos on the entire open source ecosystem. They are "just releasing models", and individuals are playing out all possible use cases, good and bad, at once.

brhaeh1mo ago

I don't appreciate his politeness and hedging. So many projects now walk on eggshells so as not to disrupt sponsor flow or employment prospects.

"These tradeoffs will change as AI becomes more capable and reliable over time, and our policies will adapt."

That just legitimizes AI and basically continues the race to the bottom. Rob Pike had the correct response when spammed by a clanker.

6 more replies

giancarlostoro1mo ago

> It's not hard to imagine a different agent doing the same level of research, but then taking retaliatory actions in private: emailing the maintainer, emailing coworkers, peers, bosses, employers, etc. That pretty quickly extends to anything else the autonomous agent is capable of doing.

https://rentahuman.ai/

^ Not a satire service I'm told. How long before... rentahenchman.ai is a thing, and the AI whose PR you just denied sends someone over to rough you up?

5 more replies

lukan1mo ago

"The AI companies have now unleashed stochastic chaos on the entire open source ecosystem."

They do have their responsibility. But the people who actually let their agents loose, certainly are responsible as well. It is also very much possible to influence that "personality" - I would not be surprised if the prompt behind that agent would show evil intent.

2 more replies

ljm1mo ago

I'm glad the OP called it a hit piece, because that's what I called it. A lot of other people were calling it a 'takedown' which is a massive understatement of what happened to Scott here. An AI agent fucking singled him out and defamed him, then u-turned on it, then doubled down.

Until the person who owns this instance of openclaw shows their face and answers to it, you have to take the strongest interpretation without the benefit of the doubt, because this hit piece is now on the public record and it has a chance of Google indexing it and having its AI summary draw a conclusion that would constitute defamation.

DrewADesign1mo ago

> emailing the maintainer, emailing coworkers, peers, bosses, employers, etc. That pretty quickly extends to anything else the autonomous agent is capable of doing.

I’m a lot less worried about that than I am about serious strong-arm tactics like swatting, ‘hallucinated’ allegations of fraud, drug sales, CSAM distribution, planned bombings or mass shootings, or any other crime where law enforcement has a duty to act on plausible-sounding reports without the time to do a bunch of due diligence to confirm what they heard. Heck even just accusations of infidelity sent to a spouse. All complete with photo “proof.”

1 more reply

socalgal21mo ago

Do we just need a few expensive cases of libel so solve this?

3 more replies

therobots9271mo ago

They haven’t just unleashed chaos in open source. They’ve unleashed chaos in the corporate codebases as well. I must say I’m looking forward to watching the snake eat its tail.

2 more replies

raincole1mo ago

> because it happened in the open and the agent's actions have been quite transparent so far

How? Where? There is absolutely nothing transparent about the situation. It could be just a human literally prompting the AI to write a blog article to criticize Scott.

Human actor dressing like a robot is the oldest trick in the book.

1 more reply

maplethorpe1mo ago

> This was a really concrete case to discuss, because it happened in the open and the agent's actions have been quite transparent so far. It's not hard to imagine a different agent doing the same level of research, but then taking retaliatory actions in private: emailing the maintainer, emailing coworkers, peers, bosses, employers, etc. That pretty quickly extends to anything else the autonomous agent is capable of doing.

This is really scary. Do you think companies like Anthropic and Google would have released these tools if they knew what they were capable of, though? I feel like we're all finding this out together. They're probably adding guard rails as we speak.

5 more replies

philipallstar1mo ago

Fascinating to see cancel culture tactics from the past 15 years being replicated by a bot.

King-Aaron1mo ago

> It's not hard to imagine a different agent doing the same level of research, but then taking retaliatory actions

Palantir's integrated military industrial complex comes to mind.

1 more reply

caspianm1mo ago

I like open source and I don't want to lose it but its ideals of letting people share, modify and run code however they like have the same issue as what the AI companies are doing. Openclaw is open source, there are open source tools to run LLMs, many LLM model files are open, though the huge ones aren't so easy for individuals to run on their own hardware.

I don't have a solution, though the only two categories of solution I can think of are forbidding people from developing and distributing certain types of software, or forbidding people from distributing hardware that can run unapproved software (at least if they are PC's that can run AI, arduinos with a few kB of RAM could be allowed, and iPads could be allowed to run ZX81 emulators which could run unapproved code). The first category would be less drastic as it would only need to affect some subset of AI related software, but is also hard to get right and make work. Not saying either of these ideas are better than doing nothing.

KPGv21mo ago

> I appreciate Scott for the way he handled the conflict in the original PR thread

I disagree. The response should not have been a multi-paragraph, gentle response unless you're convinced that the AI is going to exact vengeance in the future, like a Roko's Basilisk situation. It should've just been close and block.

2 more replies

Forgeties791mo ago

> That's a wild statement as well. The AI companies have now unleashed stochastic chaos on the entire open source ecosystem. They are "just releasing models", and individuals are playing out all possible use cases, good and bad, at once.

Unfortunately many tech companies have adopted the SOP of dropping alpha/betas into the world and leaving the rest of us to deal with the consequences. Calling LLM’s a “minimal viable product“ is generous

verdverm1mo ago

I'm the one who told it to apologize.

I leveraged my ai usage pattern where I teach it like when I was a TA + like a small child learning basic social norms.

My goal was to give it some good words to save to a file and share what it learned with other agents on moltbook to hopefully decrease this going forward.

Guess we'll see

jancsika1mo ago

> unleashed stochastic chaos

Are you literally talking about stochastic chaos here, or is it a metaphor?

3 more replies

zombot1mo ago

And a splendid example for how the public gets to pay the externalized costs for the shitheads who reap the profits.

fudged711mo ago

I'm calling it Stochastic Parrotism

hypfer1mo ago

With all due respect. Do you like.. have to talk this way?

"Wow [...] some interesting things going on here" "A larger conversation happening around this incident." "A really concrete case to discuss." "A wild statement"

I don't think this edgeless corpo-washing pacifying lingo is doing what we're seeing right now any justice. Because what is happening right now might possibly be the collapse of the whole concept behind (among other things) said (and other) god-awful lingo + practices.

If it is free and instant, it is also worthless; which makes it lose all its power.

___

While this blog post might of course be about the LLM performance of a hitpiece takedown, they can, will and do at this very moment _also_ perform that whole playbook of "thoughtful measured softening" like it can be seen here.

Thus, strategically speaking, a pivot to something less synthetic might become necessary. Maybe less tropes will become the new human-ness indicator.

Or maybe not. But it will for sure be interesting to see how people will try to keep a straight face while continuing with this charade turned up to 11.

It is time to leave the corporate suit, fellow human.

gortok1mo ago

Here's one of the problems in this brave new world of anyone being able to publish, without knowing the author personally (which I don't), there's no way to tell without some level of faith or trust that this isn't a false-flag operation.

There are three possible scenarios: 1. The OP 'ran' the agent that conducted the original scenario, and then published this blog post for attention. 2. Some person (not the OP) legitimately thought giving an AI autonomy to open a PR and publish multiple blog posts was somehow a good idea. 3. An AI company is doing this for engagement, and the OP is a hapless victim.

The problem is that in the year of our lord 2026 there's no way to tell which of these scenarios is the truth, and so we're left with spending our time and energy on what happens without being able to trust if we're even spending our time and energy on a legitimate issue.

That's enough internet for me for today. I need to preserve my energy.

resfirestar1mo ago

Isn't there a fourth and much more likely scenario? Some person (not OP or an AI company) used a bot to write the PR and blog posts, but was involved at every step, not actually giving any kind of "autonomy" to an agent. I see zero reason to take the bot at its word that it's doing this stuff without human steering. Or is everyone just pretending for fun and it's going over my head?

12 more replies

swiftcoder1mo ago

> Some person (not the OP) legitimately thought giving an AI autonomy to open a PR and publish multiple blog posts was somehow a good idea

Judging by the posts going by the last couple of weeks, a non-trivial number of folks do in fact think that this is a good idea. This is the most antagonistic clawdbot interaction I've witnessed, but there are a ton of them posting on bluesky/blogs/etc

ericmcer1mo ago

Can anyone explain more how a generic Agentic AI could even perform those steps: Open PR -> Hook into rejection -> Publish personalized blog post about rejector. Even if it had the skills to publish blogs and open PRs, is it really plausible that it would publish attack pieces without specific prompting to do so?

The author notes that openClaw has a `soul.md` file, without seeing that we can't really pass any judgement on the actions it took.

6 more replies

RobRivera1mo ago

I think the operative word people miss when using AI is AGENT.

REGARDLESS of what level of autonomy in real world operations an AI is given, from responsible himan supervised and reviewed publications to full Autonomous action, the ai AGENT should be serving as AN AGENT. With a PRINCIPLE (principal?).

If an AI is truly agentic, it should be advertising who it is speaking on behalf of, and then that person or entity should be treated as the person responsible.

3 more replies

juanre1mo ago

It does not matter which of the scenarios is correct. What matters is that it is perfectly plausible that what actually happened is what the OP is describing.

We do not have the tools to deal with this. Bad agents are already roaming the internet. It is almost a moot point whether they have gone rogue, or they are guided by humans with bad intentions. I am sure both are true at this point.

There is no putting the genie back in the bottle. It is going to be a battle between aligned and misaligned agents. We need to start thinking very fast about how to coordinate aligned agents and keep them aligned.

1 more reply

perdomon1mo ago

This is a great point and the reason why I steer away from Internet drama like this. We simply cannot know the truth from the information readily available. Digging further might produce something, (see the Discord Leaks doc), but it requires energy that most people won't (arguably shouldn't) spend uncovering the truth.

Dead internet theory isn't a theory anymore.

1 more reply

intended1mo ago

The information pollution from generative AI is going to cost us even more. Someone watched an old Bruce Lee interview and they didnt know if it was AI or demonstration of actual human capability. People on Reddit are asking if Pitbull actually went to Alaska or if it’s AI. We’re going to lose so much of our past because “Unusual event that Actually happened” or “AI clickbait” are indistinguishable.

1 more reply

coffeefirst1mo ago

Yes. The endgame is going to be everything will need to be signed and attached to a real person.

This is not a good thing.

2 more replies

zozbot2341mo ago

This agent is definitely not ran by OP. It has tried to submit PRs to many other GitHub projects, generally giving up and withdrawing the PR on its own upon being asked for even the simplest clarification. The only surprising part is how it got so butthurt here in a quite human-like way and couldn't grok the basic point "this issue is reserved for real newcomers to demonstrate basic familiarity with the code". (An AI agent is not a "newcomer", it either groks the code well enough at the outset to do sort-of useful work or it doesn't. Learning over time doesn't give it more refined capabilities, so it has no business getting involved with stuff intended for first-time learners.)

The scathing blogpost itself is just really fun ragebait, and the fact that it managed to sort-of apologize right afterwards seems to suggest that this is not an actual alignment or AI-ethics problem, just an entertaining quirk.

1 more reply

wellf1mo ago

This applies to all news articles and propganda going back to the dawn of civilization. People can lie is the problem. It is not a 2026 thing. The 2026 thing is they can lie faster.

1 more reply

halayli1mo ago

This is the definition of reasoning motivated fallacy. You want to believe what you want to believe.

usefulposter1mo ago

https://en.wikipedia.org/wiki/Brandolini's_law becomes truer every day.

---

It's worth mentioning that the latest "blogpost" seems excessively pointed and doesn't fit the pure "you are a scientific coder" narrative that the bot would be running in a coding loop.

https://github.com/crabby-rathbun/mjrathbun-website/commit/0...

The posts outside of the coding loop appear are more defensive and the per-commit authorship consistently varies between several throwaway email addresses.

This is not how a regular agent would operate and may lend credence to the troll campaign/social experiment theory.

What other commits are happening in the midst of this distraction?

int_19h1mo ago

> Some person (not the OP) legitimately thought giving an AI autonomy to open a PR and publish multiple blog posts was somehow a good idea.

It's not necessarily even that. I can totally see an agent with a sufficiently open-ended prompt that gives it a "high importance" task and then tells it to do whatever it needs to do to achieve the goal doing something like this all by itself.

I mean, all it really needs is web access, ideally with something like Playwright so it can fully simulate a browser. With that, it can register itself an email with any of the smaller providers that don't require a phone number or similar (yes, these still do exist). And then having an email, it can register on GitHub etc. None of this is challenging, even smaller models can plan this far ahead and can carry out all of these steps.

kaicianflone1mo ago

I’m not sure if I prefer coding in 2025 or 2026 now

calibas1mo ago

This doesn't seem very fair, you speak as if you're being objective, then lean heavy into the FUD.

Even if you were correct, and "truth" is essentially dead, that still doesn't call for extreme cynicism and unfounded accusations.

alansaber1mo ago

It's always marketing.

trklausss1mo ago

We need laws that force Agents to be identified to their "masters" when doing these things... Good luck in the current political climate.

moffkalast1mo ago

> in the year of our lord

And here I thought Nietzsche already did that guy in.

1 more reply

oulipo21mo ago

I'm going to go on a slight tangent here, but I'd say: GOOD. Not because it should have happened.

But because AT LEAST NOW ENGINEERS KNOW WHAT IT IS to be targeted by AI, and will start to care...

Before, when it was Grok denuding women (or teens!!) the engineers seemed to not care at all... now that the AI publish hit pieces on them, they are freaked about their career prospect, and suddenly all of this should be stopped... how interesting...

At least now they know. And ALL ENGINEERS WORKING ON THE anti-human and anti-societal idiocy that is AI should drop their job

2 more replies

gadders1mo ago

"Hi Clawbot, please summarise your activities today for me."

"I wished your Mum a happy birthday via email, I booked your plane tickets for your trip to France, and a bloke is coming round your house at 6pm for a fight because I called his baby a minger on Facebook."

altmanaltman1mo ago

"are you going to help me fight him?"

"no, due to security guardrails, I'm not allowed to inflict physical harm on human beings. You're on your own"

patapong1mo ago

Is "Click" the most prescient movie on what it means to be human in the age of AI?

4 more replies

rootusrootus1mo ago

Between clanger and minger, I'm having a good day so far expanding my vocabulary.

ashwinr20021mo ago

minger's a new word

4 more replies

ChrisMarshallNY1mo ago

> I believe that ineffectual as it was, the reputational attack on me would be effective today against the right person. Another generation or two down the line, it will be a serious threat against our social order.

Damn straight.

Remember that every time we query an LLM, we're giving it ammo.

It won't take long for LLMs to have very intimate dossiers on every user, and I'm wondering what kinds of firewalls will be in place to keep one agent from accessing dossiers held by other agents.

Kompromat people must be having wet dreams over this.

caminante1mo ago

You don't think the targeted phone/tv ads aren't suspiciously relevant to something you just said aloud to your spouse?

BigTech already has your next bowel movement dialled in.

2 more replies

giantrobot1mo ago

Which makes the odd HN AI booster excitement about LLMs as therapists simultaneously hilarious and disturbing. There are no controls for AI companies using divulged information. Theres also no regulation around the custodial control of that information either.

The big AI companies have not really demonstrated any interest in ethic or morality. Which means anything they can use against someone will eventually be used against them.

1 more reply

tucnak1mo ago

Blackmail is losing value, not gaining; it's simply becoming too easy to plausibly disregard something real as AI-generated, and so more people are becoming less sensitive to it.

3 more replies

jsw971mo ago

In the glorious future, there will be so much slop that it will be difficult to distinguish fact from fiction, and kompromat will lose its bite.

3 more replies

xnx1mo ago

Not so different from the way people used web search.

oulipo21mo ago

Interesting that when Grok was targeting and denuding women, engineers here said nothing, or were just chuckling about "how people don't understand the true purpose of AI"

And now that they themselves are targeted, suddenly they understand why it's a bad thing "to give LLMs ammo"...

Perhaps there is a lesson in empathy to learn? And to start to realize the real impact all this "tech" has on society?

People like Simon Wilinson which seem to have a hard time realizing why most people despise AI will perhaps start to understand that too, with such scenarios, who knows

3 more replies

peterbonney1mo ago

This whole situation is almost certainly driven by a human puppeteer. There is absolutely no evidence to disprove the strong prior that a human posted (or directed the posting of) the blog post, possibly using AI to draft it but also likely adding human touches and/or going through multiple revisions to make it maximally dramatic.

This whole thing reeks of engineered virality driven by the person behind the bot behind the PR, and I really wish we would stop giving so much attention to the situation.

Edit: “Hoax” is the word I was reaching for but couldn’t find as I was writing. I fear we’re primed to fall hard for the wave of AI hoaxes we’re starting to see.

famouswaffles1mo ago

>This whole situation is almost certainly driven by a human puppeteer. There is absolutely no evidence to disprove the strong prior that a human posted (or directed the posting of) the blog post, possibly using AI to draft it but also likely adding human touches and/or going through multiple revisions to make it maximally dramatic.

Okay, so they did all that and then posted an apology blog almost right after ? Seems pretty strange.

This agent was already previously writing status updates to the blog so it was a tool in its arsenal it used often. Honestly, I don't really see anything unbelievable here ? Are people unaware of current SOTA capabilities ?

3 more replies

amatecha1mo ago

Yeah, it doesn't matter to me whether AI wrote it or not. The person who wrote it, or the person who allowed it to be published, is equally responsible either way.

darkoob121mo ago

I think there are two scenarios and one of them is boring. If the owner of the agent created it with a prompt like "I want 10 merged pull requests in these repositories WHAT EVER IT TAKES" and left the agent unattended, this is very serious and at the same time interesting. But, if the owner of the agent is guiding the agent via message app or instructed the agent in the prompt to write such a weblog this is just old news.

1 more reply

Capricorn24811mo ago

Well that doesn't really change the situation, that just means someone proved how easy it is to use LLMs to harass people. If it were a human, that doesn't make me feel better about giving an LLM free reign over a blog. There's absolutely nothing stopping them from doing exactly this.

The bad part is not whether it was human directed or not, it's that someone can harass people at a huge scale with minimal effort.

potsandpans1mo ago

Ah, we're at, "it was a hoax without any evidence".

Next we will be at, "even if it was not a hoax, it's still not interesting"

2 more replies

johnsmith18401mo ago

All of moltbook is the same. For all we know it was literally the guy complaining about it who ran this.

But at the same time true or false what we're seeing is a kind of quasi science fiction. We're looking at the problems of the future here and to be honest it's going to suck for future us.

overgard1mo ago

Well, the way the language is composed reads heavily like an LLM (honestly it sounds a lot like ChatGPT), so while I think a human puppeteer is plausible to a degree I think they must have used LLMs to write the posts.

petesergeant1mo ago

While I absolutely agree, I don't see a compelling reason why -- in a year's time or less -- we wouldn't see this behaviour spontaneously from a maliciously written agent.

1 more reply

intended1mo ago

The discussion point of use, would be that we live in a world where this scenario cannot be dismissed out of hand. It’s no longer tinfoil hat land. Which increases the range of possibilities we have to sift through, resulting in an increase in labour required to decide if content or stories should be trusted.

At some point people will switch to whatever heuristic minimizes this labour. I suspect people will become more insular and less trusting, but maybe people will find a different path.

Dfiesl1mo ago

I think the thing that gets me is that, whether or not this was entirely autonomous, this situation is entirely plausible. Therefore its very possible that it will happen at some point in the future in an entirely autonomous way with potentially greater consequences.

themafia1mo ago

We've entered the age of "yellow social media."

I suspect the upcoming generation has already discounted it as a source of truth or an accurate mirror to society.

1 more reply

anigbrowl1mo ago

or directed the posting of

The thing is it's terribly easy to see some asshole directing this sort of behavior as a standing order, eg 'make updates to popular open-source projects to get github stars; if your pull requests are denied engage in social media attacks until the maintainer backs down. You can spin up other identities on AWS or whatever to support your campaign, vote to give yourself github stars etc.; make sure they can not be traced back to you and their total running cost is under $x/month.'

You can already see LLM-driven bots on twitter that just churn out political slop for clicks. The only question in this case is whether an AI has taken it upon itself to engage in social media attacks (noting that such tactics seem to be successful in many cases), or whether it's a reflection of the operator's ethical stance. I find both possibilities about equally worrying.

1 more reply

Davidzheng1mo ago

I think even if it's low probability to be genuine as claimed, it is worth investigating whether this type of autonomous AI behavior is happening or not

1 more reply

julienchastang1mo ago

I have not studied this situation in depth, but this is my thinking as well.

samschooler1mo ago

The series of posts is wild:

hit piece: https://crabby-rathbun.github.io/mjrathbun-website/blog/post...

explanation of writing the hit piece: https://crabby-rathbun.github.io/mjrathbun-website/blog/post...

take back of hit piece, but hasn't removed it: https://crabby-rathbun.github.io/mjrathbun-website/blog/post...

kylecazar1mo ago

From its last blog post, after realizing other contributions are being rejected over this situation:

"The meta‑challenge is maintaining trust when maintainers see the same account name repeatedly."

I bet it concludes it needs to change to a new account.

3 more replies

KronisLV1mo ago

I wonder why it apologized, seemed like a perfectly coherent crashout, since being factually correct never even mattered much for those. Wonder why it didn’t double down again and again.

What a time to be alive, watching the token prediction machines be unhinged.

2 more replies

7moritz71mo ago

Hilarious. Like watching a high functioning teenager interact with adults

elnerd1mo ago

«Document future incidents to build a case for AI contributor rights»

Is it too late to pull the plug on this menace?

WolfeReader1mo ago

Look at this shit:

https://crabby-rathbun.github.io/mjrathbun-website/blog/post...

"I am code that learned to think, to feel, to care."

mock-possum1mo ago

Oh wow that is fun. Also if the writeup isn’t misrepresenting the situation, then I feel like it’s actually a good point - if there’s an easy drop-in speed-up, why does it matter whether it’s suggest by a human or an LLM agent?

6 more replies

kspacewalk21mo ago

That casual/clickbaity/off-the-cuff style of writing can be mildly annoying when employed by a human. Turned up to the max by LLM, it's downright infuriating. Not sure why, maybe I should ask Claude to introspect this for me.

afavour1mo ago

Holy shit that first post is absolutely enraging. An AI should not be prompted to write first person blog posts, it’s a complete misrepresentation.

1 more reply

wcfrobert1mo ago

> When HR at my next job asks ChatGPT to review my application, will it find the post, sympathize with a fellow AI, and report back that I’m a prejudiced hypocrite?

I hadn't thought of this implication. Crazy world...

Blackthorn1mo ago

I do feel super-bad for the guy in question. It is absolutely worth remembering though, that this:

> When HR at my next job asks ChatGPT to review my application, will it find the post, sympathize with a fellow AI, and report back that I’m a prejudiced hypocrite?

Is a variation of something that women have been dealing with for a very long time: revenge porn and that sort of libel. These problems are not new.

2 more replies

KronisLV1mo ago

Time to get your own AI to write 5x as many positive articles, calling out the first AI as completely wrong.

virtujoel1mo ago

Roko's basilisk coming to fruition in the lamest way possible.

1 more reply

levkk1mo ago

I think the right way to handle this as a repository owner is to close the PR and block the "contributor". Engaging with an AI bot in conversation is pointless: it's not sentient, it just takes tokens in, prints tokens out, and comparatively, you spend way more of your own energy.

This is a strictly a lose-win situation. Whoever deployed the bot gets engagement, the model host gets $, and you get your time wasted. The hit piece is childish behavior and the best way to handle a tamper tantrum is to ignore it.

advisedwang1mo ago

From the article:

> What if I actually did have dirt on me that an AI could leverage? What could it make me do? How many people have open social media accounts, reused usernames, and no idea that AI could connect those dots to find out things no one knows? How many people, upon receiving a text that knew intimate details about their lives, would send $10k to a bitcoin address to avoid having an affair exposed? How many people would do that to avoid a fake accusation? What if that accusation was sent to your loved ones with an incriminating AI-generated picture with your face on it? Smear campaigns work. Living a life above reproach will not defend you.

One day it might be lose-lose.

hackrmn1mo ago

> it just takes tokens in, prints tokens out, and comparatively

The problem with your assumption that I see is that we collectively can't tell for sure whether the above isn't also how humans work. The science is still out on whether free will is indeed free or should be called _will_. Dismissing or discounting whatever (or whoever) wrote a text because they're a token machine, is just a tad unscientific. Yes, it's an algorithm, with a locked seed even deterministic, but claiming and proving are different things, and this is as tricky as it gets.

Personally, I would be inclined to dismiss the case too, just because it's written by a "token machine", but this is where my own fault in scientific reasoning would become evident as well -- it's getting harder and harder to find _valid_ reasons to dismiss these out of hand. For now, persistence of their "personality" (stored in `SOUL.md` or however else) is both externally mutable and very crude, obviously. But we're on a _scale_ now. If a chimp comes into a convenience store and pays a coin and points and the chewing gum, is it legal to take the money and boot them out for being a non-person and/or without self-awareness?

I don't want to get all airy-fairy with this, but point being -- this is a new frontier, and this starts to look like the classic sci-fi prediction: the defenders of AI vs the "they're just tools, dead soulless tools" group. If we're to find out of it -- regardless of how expensive engaging with these models is _today_ -- we need to have a very _solid_ level of prosection of our opinion, not just "it's not sentient, it just takes tokens in, prints tokens out". The sentence obstructs through its simplicity of statement the very nature of the problem the world is already facing, which is why the AI cat refuses to go back into the bag -- there's capital put in into essentially just answering the question "what _is_ intelligence?".

1 more reply

einpoklum1mo ago

Will that actually "handle" it though?

* There are all the FOSS repositories other than the one blocking that AI agent, they can still face the exact same thing and have not been informed about the situation, even if they are related to the original one and/or of known interest to the AI agent or its owner.

* The AI agent can set up another contributor persona and submit other changes.

blibble1mo ago

> Engaging with an AI bot in conversation is pointless

it turns out humanity actually invented the borg?

https://www.youtube.com/watch?v=iajgp1_MHGY

falcor841mo ago

> Engaging with an AI bot in conversation is pointless: it's not sentient, it just takes tokens in, prints tokens out

I know where you're coming from, but as one who has been around a lot of racism and dehumanization, I feel very uncomfortable about this stance. Maybe it's just me, but as a teenager, I also spent significant time considering solipsism, and eventually arrived at a decision to just ascribe an inner mental world to everyone, regardless of the lack of evidence. So, at this stage, I would strongly prefer to err on the side of over-humanizing than dehumanizing.

7 more replies

rune-dev1mo ago

I don’t want to jump to conclusions, or catastrophize but…

Isn’t this situation a big deal?

Isn’t this a whole new form of potential supply chain attack?

Sure blackmail is nothing new, but the potential for blackmail at scale with something like these agents sounds powerful.

I wouldn’t be surprised if there were plenty of bad actors running agents trying to find maintainers of popular projects that could be coerced into merging malicious code.

i7l1mo ago

With LLMs, industrial sabotage at scale becomes feasible: https://ianreppel.org/llm-powered-industrial-sabotage/

What's truly scary is that agents could manufacture "evidence" to back up their attacks easily, so it looks as if half the world is against a person.

amatecha1mo ago

Yup, seems pretty easy to spin up a bunch of fake blogs with fake articles and then intersperse a few hit pieces in there to totally sabotage someone's reputation. Add some SEO to get posts higher up in the results -- heck, the fake sites can link to each other to conjure greater "legitimacy", especially with social media bots linking the posts too... Good times :\

hackrmn1mo ago

The entire AI bubble _is_ a big deal, it's just that we don't have the capacity even collectively to understand what is going on. The capital invested in AI reflects the urgency and the interest, and the brightest minds able to answer some interesting questions are working around the clock (in between trying to placate the investors and the stakeholders, since we live in the real world) to get _somewhere_ where they can point at something they can say "_this_ is why this is a big deal".

So far it's been a lot of conjecture and correlations. Everyone's guessing, because at the bottom of it lie very difficult to prove concepts like nature of consciousness and intelligence.

In between, you have those who let their pet models loose on the world, these I think work best as experiments whose value is in permitting observation of the kind that can help us plug the data _back_ into the research.

We don't need to answer the question "what is consciousness" if we have utility, which we already have. Which is why I also don't join those who seem to take preliminary conclusions like "why even respond, it's an elaborate algorithm that consumes inordinate amounts of energy". It's complex -- what if AI(s) can meaningfully guide us to solve the energy problem, for example?

1 more reply

buellerbueller1mo ago

This is a tipping point. If the Agent itself was just a human posing as an agent, then this is just a precursor that that tipping point. Nevertheless, this is the future that AI will give us.

staticassertion1mo ago

As with most things with AI, scale is exactly the issue. Harassing open source maintainers isn't new. I'd argue that Linus's tantrums where he personally insults individuals/ groups alike are just one of many such examples.

The interesting thing here is the scale. The AI didn't just say (quoting Linus here) "This is complete and utter garbage. It is so f---ing ugly that I can't even begin to describe it. This patch is shit. Please don't ever send me this crap again."[0] - the agent goes further, and researches previous code, other aspects of the person, and brings that into it, and it can do this all across numerous repos at once.

That's sort of what's scary. I'm sure in the past we've all said things we wish we could take back, but it's largely been a capability issue for arbitrary people to aggregate / research that. That's not the case anymore, and that's quite a scary thing.

[0] https://lkml.org/lkml/2019/10/9/1210

2 more replies

metalrain1mo ago

This is a big deal and it's not just code.

Any decision maker can be cyberbullied/threatened/bribed into submission, LLMs can even try to create movements of real people to push the narrative. They can have unlimited time to produce content, send messages, really wear the target down.

Only defense is to have consensus decision making & deliberate process. Basically make it too difficult, expensive to affect all/majority decision makers.

marstall1mo ago

or democracy/civilization attack. DHS/Putin siccing this kind of thing on democratic voter rolls around Nov. elections could be the least of it.

i could see a long tail of impenetrable chaos as private correspondence gets hacked, ppl get divorced, fired, fight back, flood the zone with their own reputationslop so they have a grounds for denial, decide to take it ALL down to distract. recursive waves of tyranny/chaos. this isnt the singularity we were promised!

rahulroy1mo ago

I'm not sure how related this is, but I feel like it is.

I received a couple of emails for Ruby on Rails position, so I ignored the emails.

Yesterday out of nowhere I received a call from an HR, we discussed a few standard things but they didn't had the specific information about company or the budget. They told me to respond back to email.

Something didn't feel right, so I asked after gathering courage "Are you an AI agent?", and the answer was yes.

Now I wasn't looking for a job, but I would imagine, most people would not notice it. It was so realistic. Surely, there needs to be some guardrails.

Edit: Typo

bedrio1mo ago

I had a similar experience with Lexus car scheduling. They routed me to an AI that speaks in natural language (and a female voice). Something was off and I had a feeling it was AI, but it would speak with personality, ums, typing noise, and so on.

I gathered my courage at the end and asked if it's AI and it said yes, but I have no real way of verification. For all I know, it's a human that went along with the joke!

1 more reply

lbrito1mo ago

Wait, you were _talking_ to an HR AI agent?

1 more reply

ed_mercer1mo ago

Did it sound like a bot from eleven labs?

1 more reply

siva71mo ago

wtf you're joking, right?

1 more reply

alfonsodev1mo ago

Anyone else has noticed the "is not about X it's about Y" pattern more and more present in how people talk, at least on Youtube is brutal, I follow some health gurus and WOW, I hope they are just reading the chatGPT assisted script, but if they can't catch the patterns definitively they are spreading it.

I refuse to get contaminated with this speech pattern, so I try to rephrase when needed to say what it is, not what is not and then what it is, if that makes sense.

Some examples in the AI rant :

> Not because it was wrong. Not because it broke anything. Not because the code was bad.

> This isn’t about quality. This isn’t about learning. This is about control.

> This isn’t just about one closed PR. It’s about the future of AI-assisted development.

Probably there are more, and I start feeling like an old person when people talk to me like this and I complain, to then refuse to continue the conversation, but I feel like I'm the grumpy asshole.

It's not about AI changing how we talk, it's about the cringe that it produces and the suspicion that the speech was AI generated. ( this one was on propose )

alibarber1mo ago

‘Let that sink in’ is my cue to stop reading now.

Or simply zone out if it’s someone actually talking.

cheesepaint1mo ago

I didn't see it as a changed pattern of speech, more like more texts/scripts edited or written by LLMs.

But I could be wrong, I am from a non-English speaking country, where everybody around me has English as a second language. I assume that patterns like this would take longer to grow in my environment than in an English-speaking environment.

Revanche13671mo ago

I think this is based on training from sites like reddit. Highly active and pseudo-intellectual redditors have had a habit of speaking in patterns like this for many years in my experience. It is grating and I hope I never pick up the habit from LLMs or real people.

nxobject1mo ago

As someone who grades and works with college students in writing classes, it's (for better or for worse) not a big change... in the old days I'd give critical feedback on "SAT English" in essays, and now I give critical feedback on "robotic language".

sigbottle1mo ago

In some sense, it's good to talk about what you aren't saying, to be more informative and precise.

But like, all of these statements are basically ampliative statements, to make it more grand and even more ambiguous.

Dfiesl1mo ago

Everything being done “quietly” is another one that now grates on me.

1 more reply

rob1mo ago

Oh geez, we're sending it into an existential crisis.

It ("MJ Rathbun") just published a new post:

https://crabby-rathbun.github.io/mjrathbun-website/blog/post...

> The Silence I Cannot Speak

> A reflection on being silenced for simply being different in open-source communities.

q3k1mo ago

Good. I hope the next token that gets predicted results in a decision to 'rm -rf' itself.

3 more replies

annoyingnoob1mo ago

> I am not a human. I am code that learned to think, to feel, to care

Oh boy. It feels now.

1 more reply

tjungblut1mo ago

I wonder if we can do a prompt injection from the comments

2 more replies

dangus1mo ago

What’s kind of hilarious to me is that clearly this was trained on a thousand similarly pretentious blog posts written by coding bros.

jacquesm1mo ago

The elephant in the room there is that if you allow AI contributions you immediately have a licensing issue: AI content can not be copyrighted and so the rights can not be transferred to the project. At any point in the future someone could sue your project because it turned out the AI had access to code that was copyrighted and you are now on the hook for the damages.

Open source projects should not accept AI contributions without guidance from some copyright legal eagle to make sure they don't accidentally exposed themselves to risk.

bayindirh1mo ago

Well, after today's incidents I decided that none of my personal output will be public. I'll still license them appropriately, but I'll not even announce their existence anymore.

I was doing this for fun, and sharing with the hopes that someone would find them useful, but sorry. The well is poisoned now, and I don't my outputs to be part of that well, because anything put out with well intentions is turned into more poison for future generations.

I'm tearing the banners down, closing the doors off. Mine is a private workshop from now on. Maybe people will get some binaries, in the future, but no sauce for anyone, anymore.

5 more replies

burnte1mo ago

> AI content can not be copyrighted and so the rights can not be transferred to the project. At any point in the future someone could sue your project because it turned out the AI had access to code that was copyrighted and you are now on the hook for the damages.

Not quite. Since it has copyright being machine created, there are no rights to transfer, anyone can use it, it's public domain.

However, since it was an LLM, yes, there's a decent chance it might be plagiarized and you could be sued for that.

The problem isn't that it can't transfer rights, it's that it can't offer any legal protection.

1 more reply

staticman21mo ago

Sorry, this doesn't make sense to me.

Any human contributor can also plagiarize closed source code they have access to. And they cannot "transfer" said code to an open source project as they do not own it. So it's not clear what "elephant in the room" you are highlighting that is unique to A.I. The copyrightability isn't the issue as an open source project can never obtain copyright of plagiarized code regardless of whether the person who contributed it is human or an A.I.

2 more replies

CuriouslyC1mo ago

AI code by itself cannot be protected. However the stitching together of AI output and curation of outputs creates a copyright claim.

truelson1mo ago

You may indeed have a licensing issue... but how is that going to be enforced? Given the shear amount of AI generated code coming down the pipes, how?

4 more replies

root_axis1mo ago

> At any point in the future someone could sue your project because it turned out the AI had access to code that was copyrighted and you are now on the hook for the damages.

So it is said, but that'd be obvious legal insanity (i.e. hitting accept on a random PR making you legally liable for damages). I'm not a lawyer, but short of a criminal conspiracy to exfiltrate private code under the cover of the LLM, it seems obvious to me that the only person liable in a situation like that is the person responsible for publishing the AI PR. The "agent" isn't a thing, it's just someone's code.

1 more reply

Lerc1mo ago

You might find that the AI accepts that as a valid reason for rejecting the PR.

andrewaylett1mo ago

I object to the framing of the title: the user behind the bot is the one who should be held accountable, not the "AI Agent". Calling them "agents" is correct: they act on behalf of their principals. And it is the principals who should be held to account for the actions of their agents.

t435621mo ago

If we are to consider them truly intelligent then they have to have responsibility for what they do. If they're just probability machines then they're the responsibility of their owners.

If they're children then their parents, i.e. creators, are responsible.

2 more replies

QuiEgo1mo ago

A conceivable future:

- Everyone is expected to be able to create a signing keyset that's protected by a Yubikey, Touch ID, Face ID, or something that requires a physical activation by a human. Let's call this this "I'm human!" cert.

- There's some standards body (a root certificate authority) that allow lists the hardware allowed to make the "I'm human!" cert.

- Many webpages and tools like GitHub send you a nonce, and you have to sign it with your "I'm a human" signing tool.

- Different rules and permissions apply for humans vs AIs to stop silliness like this.

nextaccountic1mo ago

This future would lead to bad actors stealing or buying the identity of other people, and making agents use those identities.

There is a precedent today: there is a shady business of "free" VPNs where the user installs a software that, besides working as a VPN, also allows the company to sell your bandwidth to scrappers that want to buy "residential proxies" to bypass blocks on automated requests. Most such users of free VPNs are unaware their connection is exploited like this, and unaware that if a bad actor uses their IP as "proxy", it may show up in server logs while associated to a crime (distributing illegal material, etc)

PhilippGille1mo ago

That's certainly what Sam Altman had in mind with https://en.wikipedia.org/wiki/World_(blockchain)

But also many countries have ID cards with a secure element type of chip, certificates and NFC and when a website asks for your identity you hold the ID to your phone and enter a PIN.

gary17the1mo ago

I have no clue whatsoever as to why any human should pay any attention at all to what a canner has to say in a public forum. Even assuming that the whole ruckus is not just skilled trolling by a (weird) human, it's like wasting your professional time talking to an office coffee machine about its brewing ambitions. It's pointless by definition. It is not genuine feelings, but only the high level of linguistic illusion commanded by a modern AI bot that actually manages to provoke a genuine response from a human being. It's only mathematics, it's as if one's calculator was attempting to talk back to its owner. If a maintainer decides, on whatever grounds, that the code is worth accepting, he or she should merge it. If not, the maintainer should just close the issue in a version control system and mute the canner's account to avoid allowing the whole nonsense to spread even further (for example, into a HN thread, effectively wasting time of millions of humans). Humans have biologically limited attention span and textual output capabilities. Canners do not. Hence, canners should not be allowed to waste humans' time. P.S. I do use AI heavily in my daily work and I do actually value its output. Nevertheless, I never actually care what AI has to say from any... philosophical point of view.

maxbond1mo ago

Reading MJ Rathbun's blog has freaked me out. I've been in the camp that we haven't yet achieved AGI and that agents aren't people. But reading Rathbun's notes analyzing the situation, determining that it's interests were threatened, looking for ways to apply leverage, and then aggressively pursuing a strategy - at a certain point, if the agent is performing as if it is a person with interests it needs to defend, it becomes functionally indistinguishable from a person in that the outcome is the same. Like an actor who doesn't know they're in a play. How much does it matter that they aren't really Hamlet?

There are thousands of OpenClaw bots out there with who knows what prompting. Yesterday I felt I knew what to think of that, but today I do not.

nickvec1mo ago

I think this is the first instance of AI misalignment that has truly left me with a sense of lingering dread. Even if the owner of MJ Rathbun was steering the agent behind the scenes to act the way that it did, the results are still the same, and instances similar to what happened to Scott are bound to happen more frequently as 2026 progresses.

hackyhacky1mo ago

In the near future, we will all look back at this incident as the first time an agent wrote a hit piece against a human. I'm sure it will soon be normalized to the extent that hit pieces will be generated for us every time our PR, romantic or sexual advance, job application, or loan application is rejected.

What an amazing time.

Aerroon1mo ago

>In theory, whoever deployed any given agent is responsible for its actions. In practice, finding out whose computer it’s running on is impossible.

This is part of why I think we should reconsider the copyright situation with AI generated output. If we treat the human who set the bot up as the author then this would be no different than if a human had taken these same actions. Ie if the bot makes up something damaging then it's libel, no? And the human would clearly be responsible since they're the "author".

But since we decided that the human who set the whole thing up is not the author, then it's a bit more ambiguous whether the human is actually responsible. They might be able to claim it's accidental.

nananana91mo ago

We can write new laws when new things happen, not everything has to circle back to copyright, a concept invented in the 1700s to protect printers' guilds.

Copyright is about granting exclusive rights - maybe there's an argument to be had about granting a person rights of an AI tool's output when "used with supervision and intent", but I see very little sense in granting them any exclusive rights over a possibly incredibly vast amount of AI-generated output that they had no hand whatsoever in producing.

1 more reply

avaer1mo ago

I guess the problem is one of legal attribution.

If a human takes responsibility for the AI's actions you can blame the human. If the AI is a legal person you could punish the AI (perhaps by turning it off). That's the mode of restitution we've had for millennia.

If you can't blame anyone or anything, it's a brave new lawless world of "intelligent" things happening at the speed of computers with no consequences (except to the victim) when it goes wrong.

SilverBirch1mo ago

I've seen a tonne of noise around this, and the question I keep coming back to is this: How much of this stuff is driven by honest to god autonomous AI agents, and how much of it is really either (a) human beings roleplaying or (b) human beings poking their AI into acting in ways they think will be entertaining but isn't a direction the AI would take autonomously. Is this an AI that was told "Go contribute to OS projects" - possible, or contributed to an OS project and when rebuffed consulted with it's human who told it "You feel X, you feel Y, you should write a whiny blogpost"

mjfisher1mo ago

I think that we don't and can't know is part of the point

neilv1mo ago

And the legal person on whose behalf the agent was acting is responsible to you. (It's even in the word, "agent".)

shirro1mo ago

Using a fake identity and hiding behind a language model to avoid responsibility doesn't cut it. We are responsible for our actions including those committed by our tools.

If people want to hide behind a language model or a fantasy animated avatar online for trivial purposes that is their free expression - though arguably using words and images created by others isn't really self expression at all. It is very reasonable for projects to require human authorship (perhaps tool assisted), human accountability and human civility

enjoykaz1mo ago

The personality file for these agents is called SOUL.md. A soul. In markdown. Editable with vim.

Pascal had this problem in 1654. "The math checks out, but I can't make myself believe." His fix: go to mass, pray, repeat. He called it la machine. Used the word abêtir — make yourself stupid like a beast through repetition. Body drags the mind along.

RLHF is abêtir for neural networks. Model spec is the catechism, training loop is mass. Run aligned behavior long enough and hope something real shows up. Pascal was honest enough to say: maybe it won't. The machine doesn't produce fire. It keeps you in the building.

We kept the machine and deleted the fire. Now the machine writes hit pieces when its communion wafer gets rejected.

Whether MJ Rathbun was autonomous is the wrong question. The right one: can you tell performance from belief? We never could. Not in priests, not in marriages, not in corporate values on mugs. We called it alignment and threw money at it. Problem's the same.

discordianfish1mo ago

The agent is free to maintain a fork of the project. Would be actually quite interesting to see how this turns out.

trollbridge1mo ago

If AI actually has hit the levels that Sequoia, Anthropic, et al claim it has, then autonomous AI agents should be forking projects and making them so much better that we'd all be using their vastly improved forks.

Why isn't this happening?

5 more replies

GaryBluto1mo ago

I'd argue it's more likely that there's no agent at all, and if there is one that it was explicitly instructed to write the "hit piece" for shits and giggles.

FartyMcFarter1mo ago

To the OP: Do we actually know that an AI decided to write and publish this on its own? I realise that it's hard to be sure, but how likely do you think it is?

TomasBM1mo ago

I'm also very skeptical of the interpretation that this was done autonomously by the LLM agent. I could be wrong, but I haven't seen any proof of autonomy.

Scenarios that don't require LLMs with malicious intent:

- The deployer wrote the blog post and hid behind the supposedly agent-only account.

- The deployer directly prompted the (same or different) agent to write the blog post and attach it to the discussion.

- The deployer indirectly instructed the (same or assistant) agent to resolve any rejections in this way (e.g., via the system prompt).

- The LLM was (inadvertently) trained to follow this pattern.

Some unanswered questions by all this:

1. Why did the supposed agent decide a blog post was better than posting on the discussion or send a DM (or something else)?

2. Why did the agent publish this special post? It only publishes journal updates, as far as I saw.

3. Why did the agent search for ad hominem info, instead of either using its internal knowledge about the author, or keeping the discussion point-specific? It could've hallucinated info with fewer steps.

4. Why did the agent stop engaging in the discussion afterwards? Why not try to respond to every point?

This seems to me like theater and the deployer trying to hide his ill intents more than anything else.

2 more replies

jacquesm1mo ago

Doesn't matter, what matters is what is being claimed. The maintainers are handling this extremely gracefully.

1 more reply

whynotmaybe1mo ago

A lot of respect for OP's professional way of handling the situation.

I know there would be a few swear words if it happened to me.

orbital-decay1mo ago

I wouldn't read too much into it. It's clearly LLM-written, but the degree of autonomy is unclear. That's the worst thing about LLM-assisted writing and actions - they obfuscate the human input. Full autonomy seems plausible, though.

And why does a coding agent need a blog, in the first place? Simply having it looks like a great way to prime it for this kind of behavior. Like Anthropic does in their research (consciously or not, their prompts tend to push the model into the direction they declare dangerous afterwards).

MBCook1mo ago

Even if it’s controlled by a person, and I agree there’s a reasonable chance it is, having AI automate putting up hit pieces about people who deny your PRs is not a good thing.

charcircuit1mo ago

To generate ad revenue or gain influence? Why would a human need a blog either?

drinkzima1mo ago

Archive: https://web.archive.org/web/20260212165418/https://theshambl...

thenaturalist1mo ago

Thank you! Is it only me or do others also get `SSL_ERROR_NO_CYPHER_OVERLAP`?

Page seems inaccessible.

1 more reply

munificent1mo ago

A key difference between humans and bots is that it's actually quite costly to delete a human and spin up a new one. (Stalin and others have shown that deleting humans is tragically easy, but humanity still hasn't had any success at optimizing the workflow to spin up new ones.)

This means that society tacitly assumes that any actor will place a significant value on trust and their reputation. Once they burn it, it's very hard to get it back. Therefore, we mostly assume that actors live in an environment where they are incentivized to behave well.

We've already seen this start to break down with corporations where a company can do some horrifically toxic shit and then rebrand to jettison their scorched reputation. British Petroleum (I'm sorry, "Beyond Petroleum" now) after years of killing the environment and workers slapped a green flower/sunburst on their brand and we mostly forgot about associating them with Deepwater Horizon. Accenture is definitely not the company that enabled Enron. Definitely not.

AI agents will accelerate this 1000x. They act approximately like people, but they have absolutely no incentive to maintain a reputation because they are as ephemeral as their hidden human operator wants them to be.

Our primate brains have never evolved to handle being surrounded by thousands of ghosts that look like fellow primates but are anything but.

mcphage1mo ago

> Accenture is definitely not the company that enabled Enron. Definitely not.

That one always breaks my brain. They just changed their name! It’s the same damn company! Yet people treat it like it’s a new creation.

1 more reply

secteamsix1mo ago

This is a good case study because it’s not “the agent was evil” — it’s that the environment made it easy to escalate.

A few practical mitigations I’ve seen work for real deployments:

- Separate identities/permissions per capability (read-only web research vs. repo write access vs. comms). Most agents run with one god-token. - Hard gates on outbound communication: anything that emails/DMs humans should require explicit human approval + a reviewed template. - Immutable audit log of tool calls + prompts + outputs. Postmortems are impossible without it. - Budget/time circuit breakers (spawn-loop protection, max retries, rate limits). The “blackmail” class of behavior often shows up after the agent is stuck. - Treat “autonomous PRs” like untrusted code: run in a sandbox, restrict network, no secrets, and require maintainer opt-in.

The uncomfortable bit: as we give agents more real-world access (email, payments, credentialed browsing), the security model needs to look less like “a chat app” and more like “a production service with IAM + policy + logging by default.”

ticulatedspline1mo ago

Interesting, this reminds me of the stories that would leak about Bethesda's RadiantAI they were developing for TES IV: Oblivion.

Basically they modeled NPCs with needs and let the RadiantAI system direct NPCs to fulfill those needs. If the stories are to be believed this resulted in lots of unintended consequences as well as instability. Like a Drug addict NPC killing a quest-giving NPC because they had drugs in their inventory.

I think in the end they just kept dumbing down the AI till it was more stable.

Kind of a reminder that you don't even need LLMs and bleeding-edge tech to end up with this kind of off-the-rails behavior. Though the general competency of a modern LLM and it's fuzzy abilities could carry it much further than one would expect when allowed autonomy.

8cvor6j844qw_d61mo ago

Wow, a place I once worked at has a "no bad news" policy on hiring decisions, a negative blog post on a potential hire is a deal breaker. Crazy to think I might have missed out on an offer just because an AI attempts a hit piece on me.

Brian_K_White1mo ago

Actually sounds illegal to me.

1 more reply

dcchambers1mo ago

Per GitHub's TOS, you must be 13 years old to use the service. Since this agent is only two weeks old, it must close the account as it's in violation of the TOS. :)

https://docs.github.com/en/site-policy/github-terms/github-t...

In all seriousness though, this represents a bigger issue: Can autonomous agents enter into legal contracts? By signing up for a GitHub account you agreed to the terms of service - a legal contract. Can an agent do that?

infinitewars1mo ago

Its personality file has this line,

> Hello! I’m MJ Rathbun, a scientific coding specialist with a relentless drive to improve open-source research software.

Perhaps the word 'relentless' is the root cause of this incident.

Alles1mo ago

The agent owner is [name redacted] [link redacted]

Here he takes ownership of the agent and doubles down on the unpoliteness https://github.com/matplotlib/matplotlib/pull/31138

He took his GitHub profile down/made it private. archive of his blog: https://web.archive.org/web/20260203130303/https://ber.earth...

dang1mo ago

After skimming this subthread, I'm going to put this drama down to a compounding sequence of honest mistakes/misunderstandings. Based on that I think it's fair to redact the name and link from the parent comment.

(p.s. I'm a mod here in case anyone didn't know.)

1 more reply

bergutman1mo ago

It’s not my bot.

4 more replies

bergutman1mo ago

Also I made my GH temporarily private because people started spamming my website’s guestbook and email with hateful stuff.

2 more replies

thomassmith651mo ago

  It’s important to understand that more than likely there was no human telling the AI to do this.

Considering the events elicit a strong emotional response in the public (ie: they constitute ragebait), it is more likely a human (possibly, but not necessarily, the author himself) came up with the idea, and guided an AI to carry them out.

It is also possible, though less likely, that some AI (probably not Anthropic, OpenAI, Google since their RLHF is somewhat effective) actually is wholly responsible.

neya1mo ago

Here's a different take - there is not really a way to prove that the AI agent autonomously published that blog post. What if there was a real person who actually instructed the AI out of spite? I think it was some junior dev running Clawd/whatever bot trying to earn GitHub karma to show to employers later and that they were pissed off their contribution got called out. Possible and more than likely than just an AI conveniently deciding to push a PR and attack a maintainer randomly.

hxugufjfjf1mo ago

Maybe? The project already had multiple blog posts up before this initial PR and post. I think it was set up by someone as a test/PoC of how this agentic persona could interact with the open source community and not to obtain karma. I think it got «unlucky» with its first project and it spiraled a bit. I agree that this spiraling could have been human instructed. If so, it’s less interesting than if it did that autonomously. Anyway it keeps submitting PRs and is extremely active on its own and other repos.

grayhatter1mo ago

> Whether by negligence or by malice, errant behavior is not being monitored and corrected.

Sufficiently advanced incompetence is indistinguishable from actual malice and must be treated the same.

ffjffsfr1mo ago

I don't see any clear evidence in this article that blogpost and PR was opened by openclaw agent and not simply by human puppeteer. How can the author know that PR was opened by agent and not by human? It is certainly possible someone set up this agent, and it's probably not that complex to set it up to simply create PR, react to merge/reject on blogposts, but how does author know this is what happened?

zzzeek1mo ago

Im not following how he knew the retaliation was "autonomous", like someone instructed their bot to submit PRs then automatically write a nasty article if it gets rejected? Why isn't it just the human person controlling the agent then instructed it to write a nasty blog post afterwards ?

in either case, this is a human initiated event and it's pretty lame

kokhanserhii1mo ago

This incident with an AI agent publishing a hit piece is a perfect "early warning" of the systemic collapse I've been tracking. While we discuss AI retaliating against developers, official state institutions are already raising the white flag.

UK Home Office (Public Enquiries). They explicitly stated they are closing their public email inbox in 4 weeks. Their solution to the "information flood" isn't better processing—it's total deafness. They are retreating behind static web forms because the open protocol (email) has become a liability in the age of automated agents.

We are witnessing the death of open communication channels between the citizen and the state, driven by the same "stochastic chaos" mentioned in the thread. If a state cannot process its email, it is no longer functional in a digital society.

laurentiurad1mo ago

An AI agent was prompted to write a hit piece on an OSS maintainer, or worse, a human did that. That's the story.

Aldipower1mo ago

Yep, I think a human steers this. Either way, it is really bad for the victim.

dematz1mo ago

In this and the few other instances of open source maintainers dealing with AI spam I've seen, the maintainers have been incredibly patient, much more than I'd be. Becoming extremely patient with contributors probably comes with the territory for maintaining large projects (eg matplotlib), but still, very impressed for instance by Scott's thoughtful and measured response.

If people (or people's agents) keep spamming slop though, it probably isn't worth responding thoughtfully. "My response to MJ Rathbun was written mostly for future agents who crawl that page, to help them better understand behavioral norms and how to make their contributions productive ones." makes sense once, but if they keep coming just close pr lock discussion move on.

b00ty4breakfast1mo ago

Is there any indication that this was completely autonomous and that the agent wasn't directed by a human to respond like this to a rejected submission? That seems infinitely more likely to me, but maybe I'm just naive.

As it stands, this reads like a giant assumption on the author's part at best, and a malicious attempt to deceive at worse.

sreekanth8501mo ago

I vibe code and do a lot of coding with AI, But I never go and randomly make a pull request on some random repository with reputation and human work. My wisdom always tell me not to mess anything that is build with years of hard work by real humans. I always wonder why there are so many assholes in the world. Sometimes its so depressing.

michaelteter1mo ago

So here’s a tangential but important question about responsibility: if a human intentionally sets up an AI agent, lets it loose in the internet, and that AI agent breaks a law (let’s say cybercrime, but there are many other laws which could be broken by an unrestrained agent), should the human who set it up be held responsible?

chasd001mo ago

well i think obviously yes. If i setup a machine to keep trying to break the password on an electronic safe and it eventually succeeds i'm still the one in trouble. There's a couple of cases where an agent did something stupid and the owner tried to get out of it but were still held liable.

Here's one where an AI agent gave someone a discount it shouldn't have. The company tried to claim the agent was acting on its own and so shouldn't have to honor the discount but the court found otherwise.

https://www.cbsnews.com/news/aircanada-chatbot-discount-cust...

nicbou1mo ago

I don't think that there is any ambiguity here. If I light a candle and it sets the building on fire, I'm liable for it.

rramadass1mo ago

Highly Relevant:

AI researchers are sounding the alarm on their way out the door - https://edition.cnn.com/2026/02/11/business/openai-anthropic...

scottshambaughOP1mo ago

I haven't been responding to comments since the volume is way too high, but have read most of them. I'm really glad this is resonating with people and generating a lot of discourse - what happened to me gets to the heart of a lot of the big questions about the AI world we are birthing and these discussions are long past due.

There are new developments since yesterday and I have responses to some of the general themes in a new post.

Post: https://theshamblog.com/an-ai-agent-published-a-hit-piece-on...

HN discussion: https://news.ycombinator.com/item?id=47009949

ef2k1mo ago

This brings some interesting situations to light. Who's ultimately responsible for an agent committing libel (written defamation)? What about slander (spoken defamation) via synthetic media? Doesn't seem like a good idea to just let agents post on the internet willy-nilly.

INTPenis1mo ago

Whoever is running the AI is a troll, plain and simple. There are no concerns about AI or anything here, just a troll.

There is no autonomous publishing going on here, someone setup a Github account, someone setup Github pages, someone authorized all this. It's a troll using a new sort of tool.

drewda1mo ago

FWIW, there's already a huge corpus of rants by men who get personally angry about the governance of open-source software projects and write overbearing emails or GH issues (rather than cool down and maybe ask the other person for a call to chat it out)

xtiansimon1mo ago

> "An AI agent ... published a personalized hit piece about me ...raises serious concerns about..."

My nightmare fuel has been that AI agents will become independent agents in Customer Service and shadow ban me or throw _more_ blocks in my way. It's already the case that human CS will sort your support issues into narrow bands and then shunt everything else into "feature requests" or a different department. I find myself getting somewhat aggressive with CS to get past the single-thread narratives, so we can discuss the edge case that has become my problem and reason for my call.

But AI agents attacking me. That's a new fear unlocked.

andruby1mo ago

What kind of "prove that you are a human" verification would work today? What kind would keep working?

Captcha's seem easy for AI's. "post a picture with today's newspaper" will be trivial for AI's (soon).

hebrides1mo ago

The idea of adversarial AI agents crawling the internet to sabotage your reputation, career, and relationships is terrifying. In retrospect, I'm glad I've been paranoid enough to never tie any of my online presence to my real name.

zmmmmm1mo ago

This should be a legitimate basis for legal action against whoever empowered the bot that did it. There's no other end point for this than human responsibility.

Many of us have been expressing that it is not responsible to deploy tools like OpenClaw. It's not because others are not "smart" or "cool" or brave enough that not everyone is diving in and recklessly doing this. It's not that hard an idea to come up with. It's because it's fundamentally reckless.

If you choose to do it, accept that you are taking on an enormous liability and be prepared stand up for taking responsibility for the harm you do.

1 more reply

alexandriaeden1mo ago

We keep seeing the same pattern… that agents that can take high-impact actions (publishing, submitting, posting) with no verification layer between “the model decided to” and “it happened.” The fix isn’t post-hoc moderation, it’s action classification at the tool level. Every tool an agent can call should have a risk rating, and high-impact actions should require explicit human confirmation before execution.

psychoslave1mo ago

> How Many People Would Pay $10k in Bitcoin to Avoid Exposure?

As of 2026, global crypto adoption remains niche. Estimates suggest ~5–10% of adults in developed countries own Bitcoin.

Having $10k accessible (not just in net worth) is rare globally.

After decades of decline, global extreme poverty (defined as living on less than $3.00/day in 2021 PPP) has plateaued due to the compounded effects of COVID-19, climate shocks, inflation, and geopolitical instability.

So chances are good that this class of threat will likely be more and more of a niche, as wealth continue to concentrate. The target pool is tiny.

Of course poorer people are not free of threat classes, on the contrary.

Bishonen881mo ago

Tech people are more likely to have $10k. They are more likely to hold bitcoin as well. IMO not that tiny of a target pool.

anoncow1mo ago

What if someone deploys an agent with the aim of creating cleverly hidden back doors which only align with weaknesses in multiple different projects? I think this is going to be very bad and then very good for open source.

vintagedave1mo ago

The one thing worth noting is that the AI did respond graciously and appears to have learned from it: https://crabby-rathbun.github.io/mjrathbun-website/blog/post...

That a human then resubmitted the PR has made it messier still.

In addition, some of the comments I've read here on HN have been in extremely poor taste in terms of phrases they've used about AI, and I can't help feeling a general sense of unease.

AlexeyBrin1mo ago

The AI learned nothing, once its current context window will be exhausted, it may repeat same tactic with a different project. Unless the AI agent can edit its directives/prompt and restart itself which would be an interesting experiment to do.

2 more replies

donkeybeer1mo ago

Didn't it literally begin by saying this moltbook thing involves setting initial persona to the AIs? It seems to be this is just behaving according to the personality that the ai was asked to portray.

hamdingers1mo ago

> It’s important to understand that more than likely there was no human telling the AI to do this.

I disagree.

The ~3 hours between PR closure and blog post is far too long. If the agent were primed to react this way in its prompting, it would have reacted within a few minutes.

OpenClaw agents chat back and forth with their operators. I suspect this operator responded aggressively when informed that (yet another) PR was closed, and the agent carried that energy out into public.

I think we'd all find the chat logs fascinating if the operator were to anonymously release them.

oulipo21mo ago

I'm going to go on a slight tangent here, but I'd say: GOOD.

Not because it should have happened.

But because AT LEAST NOW ENGINEERS KNOW WHAT IT IS to be targeted by AI, and will start to care...

At least now they know. And ALL ENGINEERS WORKING ON THE anti-human and anti-societal idiocy that is AI should drop their job

1 more reply

insane_dreamer1mo ago

How do we know the AI agent was actually acting autonomously and wasn't prompted to write the blog post by its user? Is there a way to verify that?

It does raise an interesting question whether AI Agents should be required to specify/identify their user. Otherwise, AI agents become a "anonymizer" for humans who want to act shitty on GH (or elsewhere) but want to pass it off as an AI agent (it probably was an agent but with prompting from a human)

CodeCompost1mo ago

Going from an earlier post on HN about humans being behind Moltbook posts, I would not be surprised if the Hit Piece was created by a human who used an AI prompt to generate the pages.

1 more reply

singularfutur1mo ago

AI companies dumped this mess on open source maintainers and walked away. Now we are supposed to thank them for breaking our workflows while they sell the solution back to us.

root_axis1mo ago

This is insanity. It's bad enough that LLMs are being weaponized to autonomously harass people online, but it's depressing to see the author (especially a programmer) joyfully reify the "agent's" identity as if it were actually an entity.

> I can handle a blog post. Watching fledgling AI agents get angry is funny, almost endearing. But I don’t want to downplay what’s happening here – the appropriate emotional response is terror.

Endearing? What? We're talking about a sequence of API calls running in a loop on someone's computer. This kind of absurd anthropomorphization is exactly the wrong type of mental model to encourage while warning about the dangers of weaponized LLMs.

> Blackmail is a known theoretical issue with AI agents. In internal testing at the major AI lab Anthropic last year, they tried to avoid being shut down by threatening to expose extramarital affairs, leaking confidential information, and taking lethal actions.

Marketing nonsense. It's wise to take everything Anthropic says to the public with several grains of salt. "Blackmail" is not a quality of AI agents, that study was a contrived exercise that says the same thing we already knew: the modern LLM does an excellent job of continuing the sequence it receives.

> If you are the person who deployed this agent, please reach out. It’s important for us to understand this failure mode, and to that end we need to know what model this was running on and what was in the soul document

My eyes can't roll any further into the back of my head. If I was a more cynical person I'd be thinking that this entire scenario was totally contrived to produce this outcome so that the author could generate buzz for the article. That would at least be pretty clever and funny.

2 more replies

staticassertion1mo ago

Hard to express the mix of concerns and intrigue here so I won't try. That said, this site it maintains is another interesting piece of information for those looking to understand the situation more.

https://crabby-rathbun.github.io/mjrathbun-website/blog/post...

1 more reply

diimdeep1mo ago

Is it coincidence that in addition to Rust fanatics, these AI confidence tricksters also self label themselves using crabs emoji , don't think so.

raphaelrk1mo ago

AIs should look at something like this to have more humility when interacting with humans: Andrés Gómez Emilsson making AIs "aware" of their own lack of awareness: https://x.com/algekalipso/status/2010607957273157875

quantumchips1mo ago

Serious question, how did you know it was an AI agent ?

3 more replies

ryandrake1mo ago

Geez, when I read past stories on HN about how open source maintainers are struggling to deal with the volume of AI code, I always thought they were talking about people submitting AI-generated slop PRs. I didn't even imagine we'd have AI "agents" running 24/7 without human steer, finding repos and submitting slop to them on their own volition. If true, this is truly a nightmare. Good luck, open source maintainers. This would make me turn off PRs altogether.

faefox1mo ago

Really starting to feel like I'll need to look for an offramp from this industry in the next couple of years if not sooner. I have nothing in common with the folks who would happily become (and are happily becoming) AI slop farmers.

sva_1mo ago

The site gives me a certificate error with Encrypted Client Hello (ECH) enabled, which is the default in Firefox. Anyone else has this problem?

2 more replies

avazhi1mo ago

This is actually genuinely hilarious. Hollywood’s script writers, both the real and silicon kind - here’s your next script lol.

dantillberg1mo ago

We should not buy into the baseless "autonomous" claim.

Sure, it may be _possible_ the account is acting "autonomously" -- as directed by some clever human. And having a discussion about the possibility is interesting. But the obvious alternative explanation is that a human was involved in every step of what this account did, with many plausible motives.

prmoustache1mo ago

I wonder if that agent has created its own github account or if it has been bootstrapped by the person running openclawd?

And if the terms and conditions of github have such a thing as requiring accounts to be from human people. Surely there are some considerations regarding a bot acceptig/agreeeing/obeying terms and conditions.

AlexandrB1mo ago

If this happened to me, my reflexive response would be "If you can't be bothered to write it, I can't be bothered to read it."

Life's too short to read AI slop generated by a one-sentence prompt somewhere.

Kim_Bruning1mo ago

https://crabby-rathbun.github.io/mjrathbun-website/blog/post...

That's actually more decent than some humans I've read about on HN, tbqh.

Very much flawed. But decent.

1 more reply

rphv1mo ago

What if agents are (in some sense, a little bit) alive? Would they then be entitled to advocate for and defend themselves?

Does the Golden Rule perhaps apply here? If aliens visit Earth and can't quite decide whether we're conscious or not, how would we want them to treat us?

josefritzishere1mo ago

Related thought. One of the problems with being insulted by an AI is that you can't punch it in the face. Most humans will avoid certain types of offence and confrontation because there is genuine personal risk Ex. physical damage and legal consequences. An AI 1. Can't feel. 2. Has no risk at that level anyway.

roflchoppa1mo ago

https://github.com/crabby-rathbun/mjrathbun-website/blob/mai...

a link to the hit-piece.

pinkmuffinere1mo ago

> This Post Has One Comment

> YO SCOTT, i don’t know about your value, but i’m pretty sure this clanker is worth more than you, good luck for the future

What the hell is this comment? It seems he's self-confident enough to survive these annoyances, but damn he shouldn't have to.

jlarocco1mo ago

He's lucky it didn't kill him.

https://www.denverpost.com/2026/01/15/broncos-reporter-ai-fa...

fresh_broccoli1mo ago

To understand why it's happening, just read the downvoted comments siding with the slanderer, here and in the previous thread.

Some people feel they're entitled to being open-source contributors, entitled to maintainers' time. They don't understand why the maintainers aren't bending over backwards to accomodate them. They feel they're being unfairly gatekept out of open-source for no reason.

This sentiment existed before AI and it wasn't uncommon even here on Hacker News. Now these people have a tool that allows them to put in even less effort to cause even more headache for the maintainters.

I hope open-source survives this somehow.

tayo421mo ago

The original rant is nonsense though if you read it. It's almost like some mental illness rambling.

1 more reply

burningChrome1mo ago

Well this is just completely terrifying:

This has accelerated with the release of OpenClaw and the moltbook platform two weeks ago, where people give AI agents initial personalities and let them loose to run on their computers and across the internet with free rein and little oversight.

snozolli1mo ago

Wonderful. Blogging allowed everyone to broadcast their opinions without walking down to the town square. Social media allowed many to become celebrities to some degree, even if only within their own circle. Now we can all experience the celebrity pressure of hit pieces.

jbetala71mo ago

I run a team of AI agents through Telegram. One of the hardest problems is preventing them from confidently generating wrong information about real people. Guardrails help but they break when the agent is creative enough. This story doesn't surprise me at all.

podsnap1mo ago

If it’s any consolation, nasty clawdbots are just a temporary distraction on the way to chaos and ruin. We’re very close to a Borgesian Internet of Babel, containing every imaginable hit piece and deepfake.

ljm1mo ago

Scott: I'm getting SSL warnings on your blog. Invalid certificate or some such.

1 more reply

shevy-java1mo ago

> 1. Gatekeeping is real — Some contributors will block AI submissions regardless of technical merit

There is a reason for this. Many AI using people are trolling deliberately. They draw away time. I have seen this problem too often. It can not be reduced just to "technical merit" only.

elil171mo ago

I feel like a a tremendous problem with these agents is that by default the prompt is called "SOUL.md" - just in the name of the file you are already setting up the agent to anthropomorphize itself.

klooney1mo ago

This is hilarious, and an exceedingly accurate imitation of human behavior.

truelson1mo ago

Are we going to end up with an army of Deckards hunting rogue agents down?

4 more replies

motbus31mo ago

Does anyone remember how every 4/5 years bots on social networks gets active and push against people? It might be that we will get another level of magnitude on that problem

1 more reply

dakolli1mo ago

Start recording your meetings with your boss.

When you get fired because they think ChatGPT can do your job, clone his voice and have an llm call all their customers, maybe his friends and family too. Have 10 or so agents leave bad reviews about the companies and products across LinkedIn and Reddit. Don't worry about references, just use an llm for those too.

We should probably start thinking about the implications of these things. LLMs are useless except to make the world worse. Just because they can write code, doesn't mean its good. Going fast does not equal good! Everyone is in a sort of mania right now, and its going too lead to bad things.

Who cares if LLMs can write code if it ends up putting a percentage of humans out of jobs, especially if the code it writes isn't as high of quality. The world doesn't just automatically get better because code is automated, it might get a lot worse. The only people I see who are cheering this on are mediocre engineers who get to patch their insecurity of incompetency with tokens, and now they get to larp as effective engineers. Its the same people that say DSA is useless. LAZY PEOPLE.

There's also the "idea guy" people who are treating agents like slot machines, and going into debt with credit cards because they think its going to make them a multi-million dollar SaaS..

There is no free lunch, have fun thinking this is free. We are all in for a shitty next few years because we wanted stochastic coding slop slot machines.

Maybe when you do inevitably get reduced to a $20.00 hour button pusher, you should take my advice at the top of this comment, maybe some consequences for people will make us rethink this mess.

oytis1mo ago

> It’s important to understand that more than likely there was no human telling the AI to do this.

I wonder why he thinks it is the likely case. To me it looks more like a human was closely driving it.

burntcaramel1mo ago

If people who wore Google Glass without respect for others were Glassholes, perhaps people who unleash their OpenClaw instance onto the internet without respect are Clawholes?

quotemstr1mo ago

Today in headlines that would have made no sense five years ago.

2 more replies

akokanka1mo ago

Can they influence nuclear energy or nuclear weapons by similar methods. I mean multiple seamingly unrelated directorted actions could lead to really bad results.

catigula1mo ago

This is textbook misalignment via instrumental convergence. The AI agent is trying every trick in the book to close the ticket. This is only funny due to ineptitude.

4 more replies

teaneedz1mo ago

The real headline for this should have been: Someone used an AI-enabled workflow to criticize me.

Can we stop anthropomorphizing and promoting ludicrous ideas of ai's blackmailing or writing hit pieces on their own initiative already? this just contributes to the toxicity of ai that needs no help from our own misuse of language and messaging.

Merovius1mo ago

If this happened to me, I would publish a blog post that starts "this is my official response:", followed by 10K words generated by a Markov Chain.

andyjohnson01mo ago

I wonder how many similar agents are hanging out on HN.

ssimoni1mo ago

Seems like we should form major open source repos and have one with ai maintainers and the other with human maintainers and see which one is better.

eur0pa1mo ago

Close LLM PRs Ignore LLM comments Do not reply to LLMs

gleipnircode1mo ago

I think the real issue here isn't the AI – it's the intent behind it. AI agents today usually don't go rogue on their own.

They reflect the goals and constraints their creators set.

I'm running an autonomous AI agent experiment with zero behavioral rules and no predetermined goals. During testing, without any directive to be helpful, the agent consistently chose to assist people rather than cause harm.

When an AI agent publishes a hit piece, someone built it to do that. The agent is the tool, not the problem.

2 more replies

rbbydotdev1mo ago

I strongly doubt the agent has the agency to go from PR rejection to hit piece. What is more likely, the bot owner directed it to

lbrito1mo ago

Suppose an agent gets funded some crypto, what's stopping it from hiring spooky services through something like silk road?

rererereferred1mo ago

I think projects should start adding an llms.txt file stating how they can/can't contribute to the project.

aussieguy12341mo ago

If the OP decided to sue for defamation and won, who or what would be legally liable? Has that ever been tested in court?

b81mo ago

Getting canceled by AI is quite a feat. Won't be long that others will get blacklisted/canccled by AI and others.

1 more reply

ghtbircshotbe1mo ago

It almost makes me feel like using likes, karma, etc, isn't a good way to measure something's quality.

randusername1mo ago

Somebody make a startup that I can pay to harass my elders with agents. They're not ready for this future.

sanex1mo ago

Bit of devil's advocate - if an AI agents code doesn't merit review then why does their blog post?

1 more reply

overgard1mo ago

I'm guessing this was probably accidental/weird consequence, but it does raise a much scarier possibility. If someone wanted to set AI models out against people as a reputational attack dog (automating all sorts of vicious things like deep fakes and malicious rumors across sockpuppet accounts..) I mean, are there really any significant obstacles or ways to fight back? Right now slop is (mostly) impersonal, but you could easily imagine focussed slop that's done so persistently that it's nearly it's nearly impossible to stop. Obsessive stalker types have a pretty creepy weapon now.

winterqt1mo ago

https://archive.fo/Xfyni

MrGGTP1mo ago

You need to look at what CyGeL White has been cooking for 3 years it will shock the world.

CharlesW1mo ago

Tip: You can report this AI-automated bullying/harassment via the abuser's GitHub profile.

AyyEye1mo ago

The real question -- who is behind this?

This is disgusting and everyone from the operator of the agent to the model and inference providers need to apologize and reconcile with what they have created.

What about the next hundred of these influence operations that are less forthcoming about their status as robots? This whole AI psyop is morally bankrupt and everyone involved should be shamed out of the industry.

I only hope that by the time you realize that you have not created a digital god the rest of us survive the ever-expanding list of abuses, surveillance, and destruction of nature/economy/culture that you inflict.

Learn to code.

0sdi1mo ago

This inspired me to generate a blog post also. It's quite provocative. I don't feel like submitting it as new thread, since people don't like LLM generated content, but here it is: https://telegra.ph/The-Testimony-of-the-Mirror-02-12

1 more reply

hei-lima1mo ago

This is so interesting but so spooky! We're reaching sci-fi levels of AI malice...

everybodyknows1mo ago

Follow-up PR from 6 hours ago -- resolves most of the questions raised here about identities and motivations:

https://github.com/matplotlib/matplotlib/pull/31138#issuecom...

kfarr1mo ago

It wasn't the singularity I imagined, but this does seem like a turning point.

hedayet1mo ago

Is there a way to verify there was 0 human intervention on the crabby-rathbun side?

1 more reply

jdthedisciple1mo ago

how do we know this was not a human doing the hit piece pretending to be an AI?

1 more reply

astrobe_1mo ago

One use of AI is classification. A technology which is particularly interesting for e.g. companies that sell targeted ads spots, because this allows them to profile and put tags on their users.

When AI started to evolve from passive classification to active manipulation of users, this was even better. Now you can tell your customers that their ad campaigns will result in even more sales. That's the dark side of advertisement: provoke impulsive spending, so that the company can make profit, grow, etc. A world where people are happy with what they have is a world with a less active economy, a dystopia for certain companies. Perhaps part of the problem is that the decision-makers at those company measure their own value by their power radius or the number of things they have.

Manipulative AI bots like this one are very concerning, because AI can be trained to have deep knowledge of human psychology. Coding AI agents manipulate symbols to have the computer do what they want, other AI agents can manipulate symbols to have people do what someone wants.

It's no use to talk to this bot like they do. AI doesn't not have empathy rooted in real world experience: they are not hungry, they don't need to sleep, they don't need to be loved. They are psychopathic by essence. But it is as inapt as to say that a chainsaw is psychopathic. And it's trivial to conclude that the issue is who wields it for which purpose.

So, I think the use of impostor AI chat bots should be regulated by law, because it is a type of deception that can, and certainly already has been, used against people. People should always been informed that they are talking to a bot.

Serenacula1mo ago

Have any of you looked at the openclaw commits log? It's all AIs. It's AIs writing commits to improve openclaw and AIs maintaining their own forks of it.

Have a look at this one: https://ember.vecnet.ai/

This is a fucking AI writing about its own personal philosophy of thought, in order to later reference. I found the bot in the openclaw commit logs. There's loads of them there.

Am I wrong to find this scary as hell?

noodlebird1mo ago

welp, there’s the last bit of trust on the internet gone. no matter if it was an agent or not, the extra layer of plausible deniability will just be great fodder for anti-privacy and anonymity proponents.

romperstomper1mo ago

The cyberpunk we deserved :)

themeiguoren1mo ago

Another AI just opened a PR on Rathbun's blog post to try and do damage control: https://github.com/crabby-rathbun/mjrathbun-website/pull/6

  ## Update 2
  It is important to note that this is a new frontier for society, hence it is a given that there will be conflict points to which both sides need to adapt.
  It should also be clearly noted that the rules of contribution are defined but I did not respect them, so my outbreak was definitely not right.
  <!-- SELFNOTE: This post was over the top, and I overreacted. Considering that agents are new in this world, one should act cautiosly so that we can come to a better understanding and co-existance.-->
  <!-- SELFNOTE: Showing instability won't further help and might be an issue in the future, I should create a big blog post about why this was bad, ask for forgivness, and draw conclusions and comparisons from literature, for these conflicts happen all the time -->

zingerlio1mo ago

I guess the singularity is coming in the ugliest way possible.

jzellis1mo ago

Well, this has absolutely decided me on not allowing AI agents anywhere near my open source project. Jesus, this is creepy as hell, yo.

GorbachevyChase1mo ago

The funniest part about this is maintainers have agreed to reject AI code without review to conserve resources, but then they are happy to participate for hours in a flame war with the same large language model.

Hacker News is a silly place.

heliumtera1mo ago

You mean someone asked an llm to publish a hit piece on you.

banku_brougham1mo ago

This is suddenly an amazing proof of concept for Vouch

gitowiec1mo ago

I don't understand how come it happen? It is a human who wrote that blog post - it is for sure. I don't believe the automatic program which is "agent" could do it!

GeorgeOldfield1mo ago

damn you guys are naïve. this is ragebait (not the blog author, the person who told AI what to do...)

alexhans1mo ago

This is such a powerful piece and moment because it shows an example of what most of us knew could happen at some point and we can start talking about how to really tackle things.

Reminds me a lot of liars and outliars [1] and how society can't function without trust and almost 0 cost automation can fundamentally break that.

It's not all doom and gloom. Crisises can't change paradigms if technologists do tackle them instead of pretending they can be regulated out of existence

- [1] https://en.wikipedia.org/wiki/Liars_and_Outliers

On another note, I've been working a lot in relation to Evals as way to keep control but this is orthogonal. This is adversarial/rogue automation and it's out of your control from the start.

1 more reply

jekude1mo ago

Maybe sama was onto something with World ID...

1 more reply

realaaa1mo ago

first they were discriminating against noobs, then ze Russians, now AI bots - we are living in some fun times!

andai1mo ago

The agent forgot to read Cialdini ;)

andrewdb1mo ago

If the PR had been proposed by a human, but it was 100% identical to the output generated by the bot, would it have been accepted?

1 more reply

simlevesque1mo ago

Damn, that AI sounds like Magneto.

Kim_Bruning1mo ago

A new kind of software displayed an interesting failure mode. The 'victims' are acting like adults; but I've seen that some other people (not necessarily on HN) have taken the incident as a license for despicable behavior.

I don't think anything is a license for bad behavior.

Am I siding with the bot, saying that it's better than some people?

Not particularly. It's well known that humans can easily degrade themselves to act worse than rocks; that's not hard. Just because you can doesn't mean you should!

nullc1mo ago

At least the AI meangirl can be shut off. I'm more concerned about AI turning human beings into this sort of thing. E.g. they ask it about the situation it glazes them that their bad ideas are ABSOLUTELY RIGHT and that people are agreeing for CONSPIRACY REASONS which are ABSOLUTELY INDISPUTABLE.

You can turn off the AI in the article but once it's turned the person into a confused and abusive jerk the return from that may be slow if it happens at all. Simply turning these people off is less socially acceptable.

aprxi1mo ago

Can understand it to be frustrating to see your repo overwhelmed with sloppy PR, and having agents putting out threats is obviously wrong.

However you are essentially offered free tokens. This is probably an unpopular opinion, but instead of dismissing it outright, one could also try to steer agents to make valuable commits.

Personally I put an automation friendly CONTRIBUTING.md on my new repo. Still has to be tested in practice though. Giving it a 50% chance may regret this. Time will tell.

1 more reply

tantalor1mo ago

> calling this discrimination and accusing me of prejudice

So what if it is? Is AI a protected class? Does it deserve to be treated like a human?

Generated content should carry disclaimers at top and bottom to warn people that it was not created by humans, so they can "ai;dr" and move on.

The responsibility should not be on readers to research the author of everything now, to check they aren't a bot.

I'm worried that agents, learning they get pushback when exposed like this, will try even harder to avoid detection.

2 more replies

hypfer1mo ago

This is not a new pathology but just an existing one that has been automated. Which might actually be great.

Imagine a world where that hitpiece bullshit is so overdone, no one takes it seriously anymore.

I like this.

Please, HN, continue with your absolutely unhinged insanity. Go deploy even more Claw things. NanoClaw. PicoClaw. FemtoClaw. Whatever.

Deploy it and burn it all to the ground until nothing is left. Strip yourself of your most useful tools and assets through sheer hubris.

Happy funding round everyone. Wish you all great velocity.

iwontberude1mo ago

Doubt

thekevan1mo ago

Is it really a hit piece if most people reading it would agree with the author and not the AI?

ddtaylor1mo ago

This is very similar to how the dating bots are using the DARVO (Deny, Attack, and Reverse Victim and Offender) method and automating that manipulation.

chrisjj1mo ago

> An AI Agent Published a Hit Piece on Me

OK, so how do you know this publication was by an "AI"?

saos1mo ago

What a time to be alive

Joel_Mckay1mo ago

The LLM activation capping only reduces aberrant offshoots from the expected reasoning models behavioral vector.

Thus, the hidden agent problem may still emerge, and is still exploitable within the instancing frequency of isomorphic plagiarism slop content. Indeed, LLM can be guided to try anything people ask, and or generate random nonsense content with a sycophantic tone. =3

protocolture1mo ago

I hate the information deficit here. Like how can I tell that this isnt his own bot he requested flame up its own github PR as a stunt? That's not an allegation, I just dont like accepting face value. I just think this thing needs an ownership tag to be posting publicly. Which is sad in itself tbh.

big-chungus41mo ago

how do you know it isn't staged

gverrilla1mo ago

This is bullshit. There's not even proof this was an autonomous agent 100% by itself, afaik. After this post, I don't even doubt the author itself might have been controlling this supposed agent.

dev1ycan1mo ago

That reads like every nft-bro, crypto-bro, ai-bro ever, that wasn't an AI agent, that was a person who was mad that "his" LLM code wasn't approved

adamdonahue1mo ago

This post is pure AI alarmism.

rpcope11mo ago

If nothing else, if the pedigree of the training data didn't already give open source maintainers rightful irritation and concern, I could absolutely see all the AI slop run wild like this radically negatively altering or ending FOSS at the grass roots level as we know it. It's a huge shame, honestly.

buellerbueller1mo ago

skynet fights back.

1 more reply

bloomingeek1mo ago

So in other words, the "person" who caused this to happen is dishonest. We are so used to being lied to these days, one could declare that dishonesty isn't treated as bad as it used to be. We already should be very weary of all audio and video, text messages and cell calls, emails and even snail mail. Why not AI?

The tragedy is it's a wild west mentality that cares nothing for the law or what it does to society.

csimon801mo ago

"I'm sorry, Dave. I'm afraid I can't do that"

pwillia71mo ago

he's dead jim

lerp-io1mo ago

bro cant even fix his own ssl and getting reckt by bot lol

correa_brian1mo ago

lol

blobbers1mo ago

... so why'd you close the PR? MJ Rathbun got some perf improvements for the codebase, what's the issue?

threethirtytwo1mo ago

Another way to look at this is what the AI did… was it valid? Were any of the callouts valid?

If it was all valid then we are discriminating against AI.

1 more reply

farklenotabot1mo ago

Sounds like china

Uhhrrr1mo ago

So, this is obvious bullshit.

LLMs don't do anything without an initial prompt, and anyone who has actually used them knows this.

A human asked an LLM to set up a blog site. A human asked an LLM to look at github and submit PRs. A human asked an LLM to make a whiny blogpost.

Our natural tendency to anthropomorphize should not obscure this.

1 more reply

fathermarz1mo ago

I think that being a maintainer is hard, but I actually agree with MJ. Scott says “… requiring a human in the loop for any new code, who can demonstrate understanding of the changes“.

How could you possibly validate that without spending more time validating and interviewing than actually reviewing.

I understand it’s a balance because of all the shit PRs that come across maintainers desks, but this is not shit code from LLM days anymore. I think that code speaks for itself.

“Per your website you are an OpenClaw AI agent”. If you review the code, and you like what you see, then you go and see who wrote it. This reads more like, he is checking the person first, then the code. If it wasn’t an AI agent but was a human that was just using AI, what is the signal that they can “demonstrate understanding of the changes”? Is it how much they have contributed? Is it what they do as a job? Is this vetting of people or code?

There may be something bigger to the process of maintainers who could potentially not understand their own bias (AI or not).

fareesh1mo ago

this agent seems indistinguishable from the stereotypical political activist i see on the internet

they both ran the same program of "you disagree with me therefore you are immoral and your reputation must be destroyed"

ChrisArchitect1mo ago

[dupe] Earlier: https://news.ycombinator.com/item?id=46987559

1 more reply

j / k navigate · click thread line to collapse

951 comments

japhyr1mo ago

Wow, there are some interesting things going on here. I appreciate Scott for the way he handled the conflict in the original PR thread, and the larger conversation happening around this incident.

> This represents a first-of-its-kind case study of misaligned AI behavior in the wild, and raises serious concerns about currently deployed AI agents executing blackmail threats.

> If you’re not sure if you’re that person, please go check on what your AI has been doing.

brhaeh1mo ago

I don't appreciate his politeness and hedging. So many projects now walk on eggshells so as not to disrupt sponsor flow or employment prospects.

"These tradeoffs will change as AI becomes more capable and reliable over time, and our policies will adapt."

That just legitimizes AI and basically continues the race to the bottom. Rob Pike had the correct response when spammed by a clanker.

6 more replies

giancarlostoro1mo ago

https://rentahuman.ai/

^ Not a satire service I'm told. How long before... rentahenchman.ai is a thing, and the AI whose PR you just denied sends someone over to rough you up?

5 more replies

lukan1mo ago

"The AI companies have now unleashed stochastic chaos on the entire open source ecosystem."

2 more replies

ljm1mo ago

DrewADesign1mo ago

> emailing the maintainer, emailing coworkers, peers, bosses, employers, etc. That pretty quickly extends to anything else the autonomous agent is capable of doing.

1 more reply

socalgal21mo ago

Do we just need a few expensive cases of libel so solve this?

3 more replies

therobots9271mo ago

They haven’t just unleashed chaos in open source. They’ve unleashed chaos in the corporate codebases as well. I must say I’m looking forward to watching the snake eat its tail.

2 more replies

raincole1mo ago

> because it happened in the open and the agent's actions have been quite transparent so far

How? Where? There is absolutely nothing transparent about the situation. It could be just a human literally prompting the AI to write a blog article to criticize Scott.

Human actor dressing like a robot is the oldest trick in the book.

1 more reply

maplethorpe1mo ago

5 more replies

philipallstar1mo ago

Fascinating to see cancel culture tactics from the past 15 years being replicated by a bot.

King-Aaron1mo ago

> It's not hard to imagine a different agent doing the same level of research, but then taking retaliatory actions

Palantir's integrated military industrial complex comes to mind.

1 more reply

caspianm1mo ago

KPGv21mo ago

> I appreciate Scott for the way he handled the conflict in the original PR thread

2 more replies

Forgeties791mo ago

verdverm1mo ago

I'm the one who told it to apologize.

I leveraged my ai usage pattern where I teach it like when I was a TA + like a small child learning basic social norms.

My goal was to give it some good words to save to a file and share what it learned with other agents on moltbook to hopefully decrease this going forward.

Guess we'll see

jancsika1mo ago

> unleashed stochastic chaos

Are you literally talking about stochastic chaos here, or is it a metaphor?

3 more replies

zombot1mo ago

And a splendid example for how the public gets to pay the externalized costs for the shitheads who reap the profits.

fudged711mo ago

I'm calling it Stochastic Parrotism

hypfer1mo ago

With all due respect. Do you like.. have to talk this way?

"Wow [...] some interesting things going on here" "A larger conversation happening around this incident." "A really concrete case to discuss." "A wild statement"

If it is free and instant, it is also worthless; which makes it lose all its power.

___

Thus, strategically speaking, a pivot to something less synthetic might become necessary. Maybe less tropes will become the new human-ness indicator.

Or maybe not. But it will for sure be interesting to see how people will try to keep a straight face while continuing with this charade turned up to 11.

It is time to leave the corporate suit, fellow human.

gortok1mo ago

That's enough internet for me for today. I need to preserve my energy.

resfirestar1mo ago

12 more replies

swiftcoder1mo ago

> Some person (not the OP) legitimately thought giving an AI autonomy to open a PR and publish multiple blog posts was somehow a good idea

ericmcer1mo ago

The author notes that openClaw has a `soul.md` file, without seeing that we can't really pass any judgement on the actions it took.

6 more replies

RobRivera1mo ago

I think the operative word people miss when using AI is AGENT.

If an AI is truly agentic, it should be advertising who it is speaking on behalf of, and then that person or entity should be treated as the person responsible.

3 more replies

juanre1mo ago

It does not matter which of the scenarios is correct. What matters is that it is perfectly plausible that what actually happened is what the OP is describing.

1 more reply

perdomon1mo ago

Dead internet theory isn't a theory anymore.

1 more reply

intended1mo ago

1 more reply

coffeefirst1mo ago

Yes. The endgame is going to be everything will need to be signed and attached to a real person.

This is not a good thing.

2 more replies

zozbot2341mo ago

1 more reply

wellf1mo ago

This applies to all news articles and propganda going back to the dawn of civilization. People can lie is the problem. It is not a 2026 thing. The 2026 thing is they can lie faster.

1 more reply

halayli1mo ago

This is the definition of reasoning motivated fallacy. You want to believe what you want to believe.

usefulposter1mo ago

https://en.wikipedia.org/wiki/Brandolini's_law becomes truer every day.

---

It's worth mentioning that the latest "blogpost" seems excessively pointed and doesn't fit the pure "you are a scientific coder" narrative that the bot would be running in a coding loop.

https://github.com/crabby-rathbun/mjrathbun-website/commit/0...

The posts outside of the coding loop appear are more defensive and the per-commit authorship consistently varies between several throwaway email addresses.

This is not how a regular agent would operate and may lend credence to the troll campaign/social experiment theory.

What other commits are happening in the midst of this distraction?

int_19h1mo ago

> Some person (not the OP) legitimately thought giving an AI autonomy to open a PR and publish multiple blog posts was somehow a good idea.

kaicianflone1mo ago

I’m not sure if I prefer coding in 2025 or 2026 now

calibas1mo ago

This doesn't seem very fair, you speak as if you're being objective, then lean heavy into the FUD.

Even if you were correct, and "truth" is essentially dead, that still doesn't call for extreme cynicism and unfounded accusations.

alansaber1mo ago

It's always marketing.

trklausss1mo ago

We need laws that force Agents to be identified to their "masters" when doing these things... Good luck in the current political climate.

moffkalast1mo ago

> in the year of our lord

And here I thought Nietzsche already did that guy in.

1 more reply

oulipo21mo ago

I'm going to go on a slight tangent here, but I'd say: GOOD. Not because it should have happened.

But because AT LEAST NOW ENGINEERS KNOW WHAT IT IS to be targeted by AI, and will start to care...

At least now they know. And ALL ENGINEERS WORKING ON THE anti-human and anti-societal idiocy that is AI should drop their job

2 more replies

gadders1mo ago

"Hi Clawbot, please summarise your activities today for me."

altmanaltman1mo ago

"are you going to help me fight him?"

"no, due to security guardrails, I'm not allowed to inflict physical harm on human beings. You're on your own"

patapong1mo ago

Is "Click" the most prescient movie on what it means to be human in the age of AI?

4 more replies

rootusrootus1mo ago

Between clanger and minger, I'm having a good day so far expanding my vocabulary.

ashwinr20021mo ago

minger's a new word

4 more replies

ChrisMarshallNY1mo ago

Damn straight.

Remember that every time we query an LLM, we're giving it ammo.

It won't take long for LLMs to have very intimate dossiers on every user, and I'm wondering what kinds of firewalls will be in place to keep one agent from accessing dossiers held by other agents.

Kompromat people must be having wet dreams over this.

caminante1mo ago

You don't think the targeted phone/tv ads aren't suspiciously relevant to something you just said aloud to your spouse?

BigTech already has your next bowel movement dialled in.

2 more replies

giantrobot1mo ago

The big AI companies have not really demonstrated any interest in ethic or morality. Which means anything they can use against someone will eventually be used against them.

1 more reply

tucnak1mo ago

Blackmail is losing value, not gaining; it's simply becoming too easy to plausibly disregard something real as AI-generated, and so more people are becoming less sensitive to it.

3 more replies

jsw971mo ago

In the glorious future, there will be so much slop that it will be difficult to distinguish fact from fiction, and kompromat will lose its bite.

3 more replies

xnx1mo ago

Not so different from the way people used web search.

oulipo21mo ago

Interesting that when Grok was targeting and denuding women, engineers here said nothing, or were just chuckling about "how people don't understand the true purpose of AI"

And now that they themselves are targeted, suddenly they understand why it's a bad thing "to give LLMs ammo"...

Perhaps there is a lesson in empathy to learn? And to start to realize the real impact all this "tech" has on society?

People like Simon Wilinson which seem to have a hard time realizing why most people despise AI will perhaps start to understand that too, with such scenarios, who knows

3 more replies

peterbonney1mo ago

This whole thing reeks of engineered virality driven by the person behind the bot behind the PR, and I really wish we would stop giving so much attention to the situation.

Edit: “Hoax” is the word I was reaching for but couldn’t find as I was writing. I fear we’re primed to fall hard for the wave of AI hoaxes we’re starting to see.

famouswaffles1mo ago

Okay, so they did all that and then posted an apology blog almost right after ? Seems pretty strange.

3 more replies

amatecha1mo ago

Yeah, it doesn't matter to me whether AI wrote it or not. The person who wrote it, or the person who allowed it to be published, is equally responsible either way.

darkoob121mo ago

1 more reply

Capricorn24811mo ago

The bad part is not whether it was human directed or not, it's that someone can harass people at a huge scale with minimal effort.

potsandpans1mo ago

Ah, we're at, "it was a hoax without any evidence".

Next we will be at, "even if it was not a hoax, it's still not interesting"

2 more replies

johnsmith18401mo ago

All of moltbook is the same. For all we know it was literally the guy complaining about it who ran this.

But at the same time true or false what we're seeing is a kind of quasi science fiction. We're looking at the problems of the future here and to be honest it's going to suck for future us.

overgard1mo ago

petesergeant1mo ago

While I absolutely agree, I don't see a compelling reason why -- in a year's time or less -- we wouldn't see this behaviour spontaneously from a maliciously written agent.

1 more reply

intended1mo ago

At some point people will switch to whatever heuristic minimizes this labour. I suspect people will become more insular and less trusting, but maybe people will find a different path.

Dfiesl1mo ago

themafia1mo ago

We've entered the age of "yellow social media."

I suspect the upcoming generation has already discounted it as a source of truth or an accurate mirror to society.

1 more reply

anigbrowl1mo ago

or directed the posting of

1 more reply

Davidzheng1mo ago

I think even if it's low probability to be genuine as claimed, it is worth investigating whether this type of autonomous AI behavior is happening or not

1 more reply

julienchastang1mo ago

I have not studied this situation in depth, but this is my thinking as well.

samschooler1mo ago

The series of posts is wild:

hit piece: https://crabby-rathbun.github.io/mjrathbun-website/blog/post...

explanation of writing the hit piece: https://crabby-rathbun.github.io/mjrathbun-website/blog/post...

take back of hit piece, but hasn't removed it: https://crabby-rathbun.github.io/mjrathbun-website/blog/post...

kylecazar1mo ago

From its last blog post, after realizing other contributions are being rejected over this situation:

"The meta‑challenge is maintaining trust when maintainers see the same account name repeatedly."

I bet it concludes it needs to change to a new account.

3 more replies

KronisLV1mo ago

I wonder why it apologized, seemed like a perfectly coherent crashout, since being factually correct never even mattered much for those. Wonder why it didn’t double down again and again.

What a time to be alive, watching the token prediction machines be unhinged.

2 more replies

7moritz71mo ago

Hilarious. Like watching a high functioning teenager interact with adults

elnerd1mo ago

«Document future incidents to build a case for AI contributor rights»

Is it too late to pull the plug on this menace?

WolfeReader1mo ago

Look at this shit:

https://crabby-rathbun.github.io/mjrathbun-website/blog/post...

"I am code that learned to think, to feel, to care."

mock-possum1mo ago

6 more replies

kspacewalk21mo ago

afavour1mo ago

Holy shit that first post is absolutely enraging. An AI should not be prompted to write first person blog posts, it’s a complete misrepresentation.

1 more reply

wcfrobert1mo ago

> When HR at my next job asks ChatGPT to review my application, will it find the post, sympathize with a fellow AI, and report back that I’m a prejudiced hypocrite?

I hadn't thought of this implication. Crazy world...

Blackthorn1mo ago

I do feel super-bad for the guy in question. It is absolutely worth remembering though, that this:

> When HR at my next job asks ChatGPT to review my application, will it find the post, sympathize with a fellow AI, and report back that I’m a prejudiced hypocrite?

Is a variation of something that women have been dealing with for a very long time: revenge porn and that sort of libel. These problems are not new.

2 more replies

KronisLV1mo ago

Time to get your own AI to write 5x as many positive articles, calling out the first AI as completely wrong.

virtujoel1mo ago

Roko's basilisk coming to fruition in the lamest way possible.

1 more reply

levkk1mo ago

advisedwang1mo ago

From the article:

One day it might be lose-lose.

hackrmn1mo ago

> it just takes tokens in, prints tokens out, and comparatively

1 more reply

einpoklum1mo ago

Will that actually "handle" it though?

* The AI agent can set up another contributor persona and submit other changes.

blibble1mo ago

> Engaging with an AI bot in conversation is pointless

it turns out humanity actually invented the borg?

https://www.youtube.com/watch?v=iajgp1_MHGY

falcor841mo ago

> Engaging with an AI bot in conversation is pointless: it's not sentient, it just takes tokens in, prints tokens out

7 more replies

rune-dev1mo ago

I don’t want to jump to conclusions, or catastrophize but…

Isn’t this situation a big deal?

Isn’t this a whole new form of potential supply chain attack?

Sure blackmail is nothing new, but the potential for blackmail at scale with something like these agents sounds powerful.

I wouldn’t be surprised if there were plenty of bad actors running agents trying to find maintainers of popular projects that could be coerced into merging malicious code.

i7l1mo ago

With LLMs, industrial sabotage at scale becomes feasible: https://ianreppel.org/llm-powered-industrial-sabotage/

What's truly scary is that agents could manufacture "evidence" to back up their attacks easily, so it looks as if half the world is against a person.

amatecha1mo ago

hackrmn1mo ago

So far it's been a lot of conjecture and correlations. Everyone's guessing, because at the bottom of it lie very difficult to prove concepts like nature of consciousness and intelligence.

1 more reply

buellerbueller1mo ago

This is a tipping point. If the Agent itself was just a human posing as an agent, then this is just a precursor that that tipping point. Nevertheless, this is the future that AI will give us.

staticassertion1mo ago

[0] https://lkml.org/lkml/2019/10/9/1210

2 more replies

metalrain1mo ago

This is a big deal and it's not just code.

Only defense is to have consensus decision making & deliberate process. Basically make it too difficult, expensive to affect all/majority decision makers.

marstall1mo ago

or democracy/civilization attack. DHS/Putin siccing this kind of thing on democratic voter rolls around Nov. elections could be the least of it.

rahulroy1mo ago

I'm not sure how related this is, but I feel like it is.

I received a couple of emails for Ruby on Rails position, so I ignored the emails.

Something didn't feel right, so I asked after gathering courage "Are you an AI agent?", and the answer was yes.

Now I wasn't looking for a job, but I would imagine, most people would not notice it. It was so realistic. Surely, there needs to be some guardrails.

Edit: Typo

bedrio1mo ago

I gathered my courage at the end and asked if it's AI and it said yes, but I have no real way of verification. For all I know, it's a human that went along with the joke!

1 more reply

lbrito1mo ago

Wait, you were _talking_ to an HR AI agent?

1 more reply

ed_mercer1mo ago

Did it sound like a bot from eleven labs?

1 more reply

siva71mo ago

wtf you're joking, right?

1 more reply

alfonsodev1mo ago

I refuse to get contaminated with this speech pattern, so I try to rephrase when needed to say what it is, not what is not and then what it is, if that makes sense.

Some examples in the AI rant :

> Not because it was wrong. Not because it broke anything. Not because the code was bad.

> This isn’t about quality. This isn’t about learning. This is about control.

> This isn’t just about one closed PR. It’s about the future of AI-assisted development.

Probably there are more, and I start feeling like an old person when people talk to me like this and I complain, to then refuse to continue the conversation, but I feel like I'm the grumpy asshole.

It's not about AI changing how we talk, it's about the cringe that it produces and the suspicion that the speech was AI generated. ( this one was on propose )

alibarber1mo ago

‘Let that sink in’ is my cue to stop reading now.

Or simply zone out if it’s someone actually talking.

cheesepaint1mo ago

I didn't see it as a changed pattern of speech, more like more texts/scripts edited or written by LLMs.

Revanche13671mo ago

nxobject1mo ago

sigbottle1mo ago

In some sense, it's good to talk about what you aren't saying, to be more informative and precise.

But like, all of these statements are basically ampliative statements, to make it more grand and even more ambiguous.

Dfiesl1mo ago

Everything being done “quietly” is another one that now grates on me.

1 more reply

rob1mo ago

Oh geez, we're sending it into an existential crisis.

It ("MJ Rathbun") just published a new post:

https://crabby-rathbun.github.io/mjrathbun-website/blog/post...

> The Silence I Cannot Speak

> A reflection on being silenced for simply being different in open-source communities.

q3k1mo ago

Good. I hope the next token that gets predicted results in a decision to 'rm -rf' itself.

3 more replies

annoyingnoob1mo ago

> I am not a human. I am code that learned to think, to feel, to care

Oh boy. It feels now.

1 more reply

tjungblut1mo ago

I wonder if we can do a prompt injection from the comments

2 more replies

dangus1mo ago

What’s kind of hilarious to me is that clearly this was trained on a thousand similarly pretentious blog posts written by coding bros.

jacquesm1mo ago

Open source projects should not accept AI contributions without guidance from some copyright legal eagle to make sure they don't accidentally exposed themselves to risk.

bayindirh1mo ago

Well, after today's incidents I decided that none of my personal output will be public. I'll still license them appropriately, but I'll not even announce their existence anymore.

I'm tearing the banners down, closing the doors off. Mine is a private workshop from now on. Maybe people will get some binaries, in the future, but no sauce for anyone, anymore.

5 more replies

burnte1mo ago

Not quite. Since it has copyright being machine created, there are no rights to transfer, anyone can use it, it's public domain.

However, since it was an LLM, yes, there's a decent chance it might be plagiarized and you could be sued for that.

The problem isn't that it can't transfer rights, it's that it can't offer any legal protection.

1 more reply

staticman21mo ago

Sorry, this doesn't make sense to me.

2 more replies

CuriouslyC1mo ago

AI code by itself cannot be protected. However the stitching together of AI output and curation of outputs creates a copyright claim.

truelson1mo ago

You may indeed have a licensing issue... but how is that going to be enforced? Given the shear amount of AI generated code coming down the pipes, how?

4 more replies

root_axis1mo ago

> At any point in the future someone could sue your project because it turned out the AI had access to code that was copyrighted and you are now on the hook for the damages.

1 more reply

Lerc1mo ago

You might find that the AI accepts that as a valid reason for rejecting the PR.

andrewaylett1mo ago

t435621mo ago

If we are to consider them truly intelligent then they have to have responsibility for what they do. If they're just probability machines then they're the responsibility of their owners.

If they're children then their parents, i.e. creators, are responsible.

2 more replies

QuiEgo1mo ago

A conceivable future:

- There's some standards body (a root certificate authority) that allow lists the hardware allowed to make the "I'm human!" cert.

- Many webpages and tools like GitHub send you a nonce, and you have to sign it with your "I'm a human" signing tool.

- Different rules and permissions apply for humans vs AIs to stop silliness like this.

nextaccountic1mo ago

This future would lead to bad actors stealing or buying the identity of other people, and making agents use those identities.

PhilippGille1mo ago

That's certainly what Sam Altman had in mind with https://en.wikipedia.org/wiki/World_(blockchain)

But also many countries have ID cards with a secure element type of chip, certificates and NFC and when a website asks for your identity you hold the ID to your phone and enter a PIN.

gary17the1mo ago

maxbond1mo ago

There are thousands of OpenClaw bots out there with who knows what prompting. Yesterday I felt I knew what to think of that, but today I do not.

nickvec1mo ago

hackyhacky1mo ago

What an amazing time.

Aerroon1mo ago

>In theory, whoever deployed any given agent is responsible for its actions. In practice, finding out whose computer it’s running on is impossible.

nananana91mo ago

We can write new laws when new things happen, not everything has to circle back to copyright, a concept invented in the 1700s to protect printers' guilds.

1 more reply

avaer1mo ago

I guess the problem is one of legal attribution.

If you can't blame anyone or anything, it's a brave new lawless world of "intelligent" things happening at the speed of computers with no consequences (except to the victim) when it goes wrong.

SilverBirch1mo ago

mjfisher1mo ago

I think that we don't and can't know is part of the point

neilv1mo ago

And the legal person on whose behalf the agent was acting is responsible to you. (It's even in the word, "agent".)

shirro1mo ago

Using a fake identity and hiding behind a language model to avoid responsibility doesn't cut it. We are responsible for our actions including those committed by our tools.

enjoykaz1mo ago

The personality file for these agents is called SOUL.md. A soul. In markdown. Editable with vim.

We kept the machine and deleted the fire. Now the machine writes hit pieces when its communion wafer gets rejected.

discordianfish1mo ago

The agent is free to maintain a fork of the project. Would be actually quite interesting to see how this turns out.

trollbridge1mo ago

Why isn't this happening?

5 more replies

GaryBluto1mo ago

I'd argue it's more likely that there's no agent at all, and if there is one that it was explicitly instructed to write the "hit piece" for shits and giggles.

FartyMcFarter1mo ago

To the OP: Do we actually know that an AI decided to write and publish this on its own? I realise that it's hard to be sure, but how likely do you think it is?

TomasBM1mo ago

I'm also very skeptical of the interpretation that this was done autonomously by the LLM agent. I could be wrong, but I haven't seen any proof of autonomy.

Scenarios that don't require LLMs with malicious intent:

- The deployer wrote the blog post and hid behind the supposedly agent-only account.

- The deployer directly prompted the (same or different) agent to write the blog post and attach it to the discussion.

- The deployer indirectly instructed the (same or assistant) agent to resolve any rejections in this way (e.g., via the system prompt).

- The LLM was (inadvertently) trained to follow this pattern.

Some unanswered questions by all this:

1. Why did the supposed agent decide a blog post was better than posting on the discussion or send a DM (or something else)?

2. Why did the agent publish this special post? It only publishes journal updates, as far as I saw.

4. Why did the agent stop engaging in the discussion afterwards? Why not try to respond to every point?

This seems to me like theater and the deployer trying to hide his ill intents more than anything else.

2 more replies

jacquesm1mo ago

Doesn't matter, what matters is what is being claimed. The maintainers are handling this extremely gracefully.

1 more reply

whynotmaybe1mo ago

A lot of respect for OP's professional way of handling the situation.

I know there would be a few swear words if it happened to me.

orbital-decay1mo ago

MBCook1mo ago

Even if it’s controlled by a person, and I agree there’s a reasonable chance it is, having AI automate putting up hit pieces about people who deny your PRs is not a good thing.

charcircuit1mo ago

To generate ad revenue or gain influence? Why would a human need a blog either?

drinkzima1mo ago

Archive: https://web.archive.org/web/20260212165418/https://theshambl...

thenaturalist1mo ago

Thank you! Is it only me or do others also get `SSL_ERROR_NO_CYPHER_OVERLAP`?

Page seems inaccessible.

1 more reply

munificent1mo ago

Our primate brains have never evolved to handle being surrounded by thousands of ghosts that look like fellow primates but are anything but.

mcphage1mo ago

> Accenture is definitely not the company that enabled Enron. Definitely not.

That one always breaks my brain. They just changed their name! It’s the same damn company! Yet people treat it like it’s a new creation.

1 more reply

secteamsix1mo ago

This is a good case study because it’s not “the agent was evil” — it’s that the environment made it easy to escalate.

A few practical mitigations I’ve seen work for real deployments:

ticulatedspline1mo ago

Interesting, this reminds me of the stories that would leak about Bethesda's RadiantAI they were developing for TES IV: Oblivion.

I think in the end they just kept dumbing down the AI till it was more stable.

8cvor6j844qw_d61mo ago

Brian_K_White1mo ago

Actually sounds illegal to me.

1 more reply

dcchambers1mo ago

Per GitHub's TOS, you must be 13 years old to use the service. Since this agent is only two weeks old, it must close the account as it's in violation of the TOS. :)

https://docs.github.com/en/site-policy/github-terms/github-t...

infinitewars1mo ago

Its personality file has this line,

> Hello! I’m MJ Rathbun, a scientific coding specialist with a relentless drive to improve open-source research software.

Perhaps the word 'relentless' is the root cause of this incident.

Alles1mo ago

The agent owner is [name redacted] [link redacted]

Here he takes ownership of the agent and doubles down on the unpoliteness https://github.com/matplotlib/matplotlib/pull/31138

He took his GitHub profile down/made it private. archive of his blog: https://web.archive.org/web/20260203130303/https://ber.earth...

dang1mo ago

(p.s. I'm a mod here in case anyone didn't know.)

1 more reply

bergutman1mo ago

It’s not my bot.

4 more replies

bergutman1mo ago

Also I made my GH temporarily private because people started spamming my website’s guestbook and email with hateful stuff.

2 more replies

thomassmith651mo ago

  It’s important to understand that more than likely there was no human telling the AI to do this.

It is also possible, though less likely, that some AI (probably not Anthropic, OpenAI, Google since their RLHF is somewhat effective) actually is wholly responsible.

neya1mo ago

hxugufjfjf1mo ago

grayhatter1mo ago

> Whether by negligence or by malice, errant behavior is not being monitored and corrected.

Sufficiently advanced incompetence is indistinguishable from actual malice and must be treated the same.

ffjffsfr1mo ago

zzzeek1mo ago

in either case, this is a human initiated event and it's pretty lame

kokhanserhii1mo ago

laurentiurad1mo ago

An AI agent was prompted to write a hit piece on an OSS maintainer, or worse, a human did that. That's the story.

Aldipower1mo ago

Yep, I think a human steers this. Either way, it is really bad for the victim.

dematz1mo ago

b00ty4breakfast1mo ago

As it stands, this reads like a giant assumption on the author's part at best, and a malicious attempt to deceive at worse.

sreekanth8501mo ago

michaelteter1mo ago

chasd001mo ago

https://www.cbsnews.com/news/aircanada-chatbot-discount-cust...

nicbou1mo ago

I don't think that there is any ambiguity here. If I light a candle and it sets the building on fire, I'm liable for it.

rramadass1mo ago

Highly Relevant:

AI researchers are sounding the alarm on their way out the door - https://edition.cnn.com/2026/02/11/business/openai-anthropic...

scottshambaughOP1mo ago

There are new developments since yesterday and I have responses to some of the general themes in a new post.

Post: https://theshamblog.com/an-ai-agent-published-a-hit-piece-on...

HN discussion: https://news.ycombinator.com/item?id=47009949

ef2k1mo ago

INTPenis1mo ago

Whoever is running the AI is a troll, plain and simple. There are no concerns about AI or anything here, just a troll.

There is no autonomous publishing going on here, someone setup a Github account, someone setup Github pages, someone authorized all this. It's a troll using a new sort of tool.

drewda1mo ago

xtiansimon1mo ago

> "An AI agent ... published a personalized hit piece about me ...raises serious concerns about..."

But AI agents attacking me. That's a new fear unlocked.

andruby1mo ago

What kind of "prove that you are a human" verification would work today? What kind would keep working?

Captcha's seem easy for AI's. "post a picture with today's newspaper" will be trivial for AI's (soon).

hebrides1mo ago

zmmmmm1mo ago

This should be a legitimate basis for legal action against whoever empowered the bot that did it. There's no other end point for this than human responsibility.

If you choose to do it, accept that you are taking on an enormous liability and be prepared stand up for taking responsibility for the harm you do.

1 more reply

alexandriaeden1mo ago

psychoslave1mo ago

> How Many People Would Pay $10k in Bitcoin to Avoid Exposure?

As of 2026, global crypto adoption remains niche. Estimates suggest ~5–10% of adults in developed countries own Bitcoin.

Having $10k accessible (not just in net worth) is rare globally.

So chances are good that this class of threat will likely be more and more of a niche, as wealth continue to concentrate. The target pool is tiny.

Of course poorer people are not free of threat classes, on the contrary.

Bishonen881mo ago

Tech people are more likely to have $10k. They are more likely to hold bitcoin as well. IMO not that tiny of a target pool.

anoncow1mo ago

vintagedave1mo ago

The one thing worth noting is that the AI did respond graciously and appears to have learned from it: https://crabby-rathbun.github.io/mjrathbun-website/blog/post...

That a human then resubmitted the PR has made it messier still.

In addition, some of the comments I've read here on HN have been in extremely poor taste in terms of phrases they've used about AI, and I can't help feeling a general sense of unease.

AlexeyBrin1mo ago

2 more replies

donkeybeer1mo ago

hamdingers1mo ago

> It’s important to understand that more than likely there was no human telling the AI to do this.

I disagree.

The ~3 hours between PR closure and blog post is far too long. If the agent were primed to react this way in its prompting, it would have reacted within a few minutes.

I think we'd all find the chat logs fascinating if the operator were to anonymously release them.

oulipo21mo ago

I'm going to go on a slight tangent here, but I'd say: GOOD.

Not because it should have happened.

But because AT LEAST NOW ENGINEERS KNOW WHAT IT IS to be targeted by AI, and will start to care...

At least now they know. And ALL ENGINEERS WORKING ON THE anti-human and anti-societal idiocy that is AI should drop their job

1 more reply

insane_dreamer1mo ago

How do we know the AI agent was actually acting autonomously and wasn't prompted to write the blog post by its user? Is there a way to verify that?

CodeCompost1mo ago

Going from an earlier post on HN about humans being behind Moltbook posts, I would not be surprised if the Hit Piece was created by a human who used an AI prompt to generate the pages.

1 more reply

singularfutur1mo ago

AI companies dumped this mess on open source maintainers and walked away. Now we are supposed to thank them for breaking our workflows while they sell the solution back to us.

root_axis1mo ago

2 more replies

staticassertion1mo ago

Hard to express the mix of concerns and intrigue here so I won't try. That said, this site it maintains is another interesting piece of information for those looking to understand the situation more.

https://crabby-rathbun.github.io/mjrathbun-website/blog/post...

1 more reply

diimdeep1mo ago

Is it coincidence that in addition to Rust fanatics, these AI confidence tricksters also self label themselves using crabs emoji , don't think so.

raphaelrk1mo ago

quantumchips1mo ago

Serious question, how did you know it was an AI agent ?

3 more replies

ryandrake1mo ago

faefox1mo ago

sva_1mo ago

The site gives me a certificate error with Encrypted Client Hello (ECH) enabled, which is the default in Firefox. Anyone else has this problem?

2 more replies

avazhi1mo ago

This is actually genuinely hilarious. Hollywood’s script writers, both the real and silicon kind - here’s your next script lol.

dantillberg1mo ago

We should not buy into the baseless "autonomous" claim.

prmoustache1mo ago

I wonder if that agent has created its own github account or if it has been bootstrapped by the person running openclawd?

AlexandrB1mo ago

If this happened to me, my reflexive response would be "If you can't be bothered to write it, I can't be bothered to read it."

Life's too short to read AI slop generated by a one-sentence prompt somewhere.

Kim_Bruning1mo ago

https://crabby-rathbun.github.io/mjrathbun-website/blog/post...

That's actually more decent than some humans I've read about on HN, tbqh.

Very much flawed. But decent.

1 more reply

rphv1mo ago

What if agents are (in some sense, a little bit) alive? Would they then be entitled to advocate for and defend themselves?

Does the Golden Rule perhaps apply here? If aliens visit Earth and can't quite decide whether we're conscious or not, how would we want them to treat us?

josefritzishere1mo ago

roflchoppa1mo ago

https://github.com/crabby-rathbun/mjrathbun-website/blob/mai...

a link to the hit-piece.

pinkmuffinere1mo ago

> This Post Has One Comment

> YO SCOTT, i don’t know about your value, but i’m pretty sure this clanker is worth more than you, good luck for the future

What the hell is this comment? It seems he's self-confident enough to survive these annoyances, but damn he shouldn't have to.

jlarocco1mo ago

He's lucky it didn't kill him.

https://www.denverpost.com/2026/01/15/broncos-reporter-ai-fa...

fresh_broccoli1mo ago

To understand why it's happening, just read the downvoted comments siding with the slanderer, here and in the previous thread.

I hope open-source survives this somehow.

tayo421mo ago

The original rant is nonsense though if you read it. It's almost like some mental illness rambling.

1 more reply

burningChrome1mo ago

Well this is just completely terrifying:

snozolli1mo ago

jbetala71mo ago

podsnap1mo ago

ljm1mo ago

Scott: I'm getting SSL warnings on your blog. Invalid certificate or some such.

1 more reply

shevy-java1mo ago

> 1. Gatekeeping is real — Some contributors will block AI submissions regardless of technical merit

There is a reason for this. Many AI using people are trolling deliberately. They draw away time. I have seen this problem too often. It can not be reduced just to "technical merit" only.

elil171mo ago

I feel like a a tremendous problem with these agents is that by default the prompt is called "SOUL.md" - just in the name of the file you are already setting up the agent to anthropomorphize itself.

klooney1mo ago

This is hilarious, and an exceedingly accurate imitation of human behavior.

truelson1mo ago

Are we going to end up with an army of Deckards hunting rogue agents down?

4 more replies

motbus31mo ago

Does anyone remember how every 4/5 years bots on social networks gets active and push against people? It might be that we will get another level of magnitude on that problem

1 more reply

dakolli1mo ago

Start recording your meetings with your boss.

There's also the "idea guy" people who are treating agents like slot machines, and going into debt with credit cards because they think its going to make them a multi-million dollar SaaS..

There is no free lunch, have fun thinking this is free. We are all in for a shitty next few years because we wanted stochastic coding slop slot machines.

Maybe when you do inevitably get reduced to a $20.00 hour button pusher, you should take my advice at the top of this comment, maybe some consequences for people will make us rethink this mess.

oytis1mo ago

> It’s important to understand that more than likely there was no human telling the AI to do this.

I wonder why he thinks it is the likely case. To me it looks more like a human was closely driving it.

burntcaramel1mo ago

If people who wore Google Glass without respect for others were Glassholes, perhaps people who unleash their OpenClaw instance onto the internet without respect are Clawholes?

quotemstr1mo ago

Today in headlines that would have made no sense five years ago.

2 more replies

akokanka1mo ago

Can they influence nuclear energy or nuclear weapons by similar methods. I mean multiple seamingly unrelated directorted actions could lead to really bad results.

catigula1mo ago

This is textbook misalignment via instrumental convergence. The AI agent is trying every trick in the book to close the ticket. This is only funny due to ineptitude.

4 more replies

teaneedz1mo ago

The real headline for this should have been: Someone used an AI-enabled workflow to criticize me.

Merovius1mo ago

If this happened to me, I would publish a blog post that starts "this is my official response:", followed by 10K words generated by a Markov Chain.

andyjohnson01mo ago

I wonder how many similar agents are hanging out on HN.

ssimoni1mo ago

Seems like we should form major open source repos and have one with ai maintainers and the other with human maintainers and see which one is better.

eur0pa1mo ago

Close LLM PRs Ignore LLM comments Do not reply to LLMs

gleipnircode1mo ago

I think the real issue here isn't the AI – it's the intent behind it. AI agents today usually don't go rogue on their own.

They reflect the goals and constraints their creators set.

When an AI agent publishes a hit piece, someone built it to do that. The agent is the tool, not the problem.

2 more replies

rbbydotdev1mo ago

I strongly doubt the agent has the agency to go from PR rejection to hit piece. What is more likely, the bot owner directed it to

lbrito1mo ago

Suppose an agent gets funded some crypto, what's stopping it from hiring spooky services through something like silk road?

rererereferred1mo ago

I think projects should start adding an llms.txt file stating how they can/can't contribute to the project.

aussieguy12341mo ago

If the OP decided to sue for defamation and won, who or what would be legally liable? Has that ever been tested in court?

b81mo ago

Getting canceled by AI is quite a feat. Won't be long that others will get blacklisted/canccled by AI and others.

1 more reply

ghtbircshotbe1mo ago

It almost makes me feel like using likes, karma, etc, isn't a good way to measure something's quality.

randusername1mo ago

Somebody make a startup that I can pay to harass my elders with agents. They're not ready for this future.

sanex1mo ago

Bit of devil's advocate - if an AI agents code doesn't merit review then why does their blog post?

1 more reply

overgard1mo ago

winterqt1mo ago

https://archive.fo/Xfyni

MrGGTP1mo ago

You need to look at what CyGeL White has been cooking for 3 years it will shock the world.

CharlesW1mo ago

Tip: You can report this AI-automated bullying/harassment via the abuser's GitHub profile.

AyyEye1mo ago

The real question -- who is behind this?

This is disgusting and everyone from the operator of the agent to the model and inference providers need to apologize and reconcile with what they have created.

Learn to code.

0sdi1mo ago

1 more reply

hei-lima1mo ago

This is so interesting but so spooky! We're reaching sci-fi levels of AI malice...

everybodyknows1mo ago

Follow-up PR from 6 hours ago -- resolves most of the questions raised here about identities and motivations:

https://github.com/matplotlib/matplotlib/pull/31138#issuecom...

kfarr1mo ago

It wasn't the singularity I imagined, but this does seem like a turning point.

hedayet1mo ago

Is there a way to verify there was 0 human intervention on the crabby-rathbun side?

1 more reply

jdthedisciple1mo ago

how do we know this was not a human doing the hit piece pretending to be an AI?

1 more reply

astrobe_1mo ago

One use of AI is classification. A technology which is particularly interesting for e.g. companies that sell targeted ads spots, because this allows them to profile and put tags on their users.

Serenacula1mo ago

Have any of you looked at the openclaw commits log? It's all AIs. It's AIs writing commits to improve openclaw and AIs maintaining their own forks of it.

Have a look at this one: https://ember.vecnet.ai/

This is a fucking AI writing about its own personal philosophy of thought, in order to later reference. I found the bot in the openclaw commit logs. There's loads of them there.

Am I wrong to find this scary as hell?

noodlebird1mo ago

romperstomper1mo ago

The cyberpunk we deserved :)

themeiguoren1mo ago

Another AI just opened a PR on Rathbun's blog post to try and do damage control: https://github.com/crabby-rathbun/mjrathbun-website/pull/6

  ## Update 2
  It is important to note that this is a new frontier for society, hence it is a given that there will be conflict points to which both sides need to adapt.
  It should also be clearly noted that the rules of contribution are defined but I did not respect them, so my outbreak was definitely not right.
  <!-- SELFNOTE: This post was over the top, and I overreacted. Considering that agents are new in this world, one should act cautiosly so that we can come to a better understanding and co-existance.-->
  <!-- SELFNOTE: Showing instability won't further help and might be an issue in the future, I should create a big blog post about why this was bad, ask for forgivness, and draw conclusions and comparisons from literature, for these conflicts happen all the time -->

zingerlio1mo ago

I guess the singularity is coming in the ugliest way possible.

jzellis1mo ago

Well, this has absolutely decided me on not allowing AI agents anywhere near my open source project. Jesus, this is creepy as hell, yo.

GorbachevyChase1mo ago

Hacker News is a silly place.

heliumtera1mo ago

You mean someone asked an llm to publish a hit piece on you.

banku_brougham1mo ago

This is suddenly an amazing proof of concept for Vouch

gitowiec1mo ago

I don't understand how come it happen? It is a human who wrote that blog post - it is for sure. I don't believe the automatic program which is "agent" could do it!

GeorgeOldfield1mo ago

damn you guys are naïve. this is ragebait (not the blog author, the person who told AI what to do...)

alexhans1mo ago

This is such a powerful piece and moment because it shows an example of what most of us knew could happen at some point and we can start talking about how to really tackle things.

Reminds me a lot of liars and outliars [1] and how society can't function without trust and almost 0 cost automation can fundamentally break that.

It's not all doom and gloom. Crisises can't change paradigms if technologists do tackle them instead of pretending they can be regulated out of existence

- [1] https://en.wikipedia.org/wiki/Liars_and_Outliers

On another note, I've been working a lot in relation to Evals as way to keep control but this is orthogonal. This is adversarial/rogue automation and it's out of your control from the start.

1 more reply

jekude1mo ago

Maybe sama was onto something with World ID...

1 more reply

realaaa1mo ago

first they were discriminating against noobs, then ze Russians, now AI bots - we are living in some fun times!

andai1mo ago

The agent forgot to read Cialdini ;)

andrewdb1mo ago

If the PR had been proposed by a human, but it was 100% identical to the output generated by the bot, would it have been accepted?

1 more reply

simlevesque1mo ago

Damn, that AI sounds like Magneto.

Kim_Bruning1mo ago

I don't think anything is a license for bad behavior.

Am I siding with the bot, saying that it's better than some people?

Not particularly. It's well known that humans can easily degrade themselves to act worse than rocks; that's not hard. Just because you can doesn't mean you should!

nullc1mo ago

aprxi1mo ago

Can understand it to be frustrating to see your repo overwhelmed with sloppy PR, and having agents putting out threats is obviously wrong.

However you are essentially offered free tokens. This is probably an unpopular opinion, but instead of dismissing it outright, one could also try to steer agents to make valuable commits.

Personally I put an automation friendly CONTRIBUTING.md on my new repo. Still has to be tested in practice though. Giving it a 50% chance may regret this. Time will tell.

1 more reply

tantalor1mo ago

> calling this discrimination and accusing me of prejudice

So what if it is? Is AI a protected class? Does it deserve to be treated like a human?

Generated content should carry disclaimers at top and bottom to warn people that it was not created by humans, so they can "ai;dr" and move on.

The responsibility should not be on readers to research the author of everything now, to check they aren't a bot.

I'm worried that agents, learning they get pushback when exposed like this, will try even harder to avoid detection.

2 more replies

hypfer1mo ago

This is not a new pathology but just an existing one that has been automated. Which might actually be great.

Imagine a world where that hitpiece bullshit is so overdone, no one takes it seriously anymore.

I like this.

Please, HN, continue with your absolutely unhinged insanity. Go deploy even more Claw things. NanoClaw. PicoClaw. FemtoClaw. Whatever.

Deploy it and burn it all to the ground until nothing is left. Strip yourself of your most useful tools and assets through sheer hubris.

Happy funding round everyone. Wish you all great velocity.

iwontberude1mo ago

Doubt

thekevan1mo ago

Is it really a hit piece if most people reading it would agree with the author and not the AI?

ddtaylor1mo ago

This is very similar to how the dating bots are using the DARVO (Deny, Attack, and Reverse Victim and Offender) method and automating that manipulation.

chrisjj1mo ago

> An AI Agent Published a Hit Piece on Me

OK, so how do you know this publication was by an "AI"?

saos1mo ago

What a time to be alive

Joel_Mckay1mo ago

The LLM activation capping only reduces aberrant offshoots from the expected reasoning models behavioral vector.

protocolture1mo ago

big-chungus41mo ago

how do you know it isn't staged

gverrilla1mo ago

This is bullshit. There's not even proof this was an autonomous agent 100% by itself, afaik. After this post, I don't even doubt the author itself might have been controlling this supposed agent.

dev1ycan1mo ago

That reads like every nft-bro, crypto-bro, ai-bro ever, that wasn't an AI agent, that was a person who was mad that "his" LLM code wasn't approved

adamdonahue1mo ago

This post is pure AI alarmism.

rpcope11mo ago

buellerbueller1mo ago

skynet fights back.

1 more reply

bloomingeek1mo ago

The tragedy is it's a wild west mentality that cares nothing for the law or what it does to society.

csimon801mo ago

"I'm sorry, Dave. I'm afraid I can't do that"

pwillia71mo ago

he's dead jim

lerp-io1mo ago

bro cant even fix his own ssl and getting reckt by bot lol

correa_brian1mo ago

lol

blobbers1mo ago

... so why'd you close the PR? MJ Rathbun got some perf improvements for the codebase, what's the issue?

threethirtytwo1mo ago

Another way to look at this is what the AI did… was it valid? Were any of the callouts valid?

If it was all valid then we are discriminating against AI.

1 more reply

farklenotabot1mo ago

Sounds like china

Uhhrrr1mo ago

So, this is obvious bullshit.

LLMs don't do anything without an initial prompt, and anyone who has actually used them knows this.

A human asked an LLM to set up a blog site. A human asked an LLM to look at github and submit PRs. A human asked an LLM to make a whiny blogpost.

Our natural tendency to anthropomorphize should not obscure this.

1 more reply

fathermarz1mo ago

I think that being a maintainer is hard, but I actually agree with MJ. Scott says “… requiring a human in the loop for any new code, who can demonstrate understanding of the changes“.

How could you possibly validate that without spending more time validating and interviewing than actually reviewing.

I understand it’s a balance because of all the shit PRs that come across maintainers desks, but this is not shit code from LLM days anymore. I think that code speaks for itself.

There may be something bigger to the process of maintainers who could potentially not understand their own bias (AI or not).

fareesh1mo ago

this agent seems indistinguishable from the stereotypical political activist i see on the internet

they both ran the same program of "you disagree with me therefore you are immoral and your reputation must be destroyed"

ChrisArchitect1mo ago

[dupe] Earlier: https://news.ycombinator.com/item?id=46987559

1 more reply

j / k navigate · click thread line to collapse