TechPulseTechPulse
Back to News
Advertisement
Advertisement

⚡ Community Insights

Discussion Sentiment

60% Positive

Analyzed from 5029 words in the discussion.

Trending Topics

#agent#aws#more#don#human#should#learn#malicious#using#card

Discussion (188 Comments)Read Original on HackerNews

mrweaselabout 2 hours ago
The sad part is that the agent operator could probably easily have been allowed to join the network, if they had put in the work. Had they done so there would have been a great opportunity to learn and potentially find a community.

I'm still not sure what the point of having the bot do it. Pretend to be a security researcher?

lucianbrabout 2 hours ago
Lots of people seem to think that you don't need to learn how to [scan a network], all you need to learn in this brave new world is how to prompt the agent to [scan a network].

Replace the content in brackets with anything.

jonplackett9 minutes ago
The weird thing is that this is the utopia that the AI companies are chasing - this is the best case scenario where AI doesn’t kill us all. We become happy sheep relying on the AI to think and provide for us.
cm218715 minutes ago
To be honest lots of developers think they don’t need to learn machine code. They just need to learn a language which once compiled will produce machine code.
themafia9 minutes ago
Developers can change their minds.
rob74about 1 hour ago
The catch is just that if you lack the capacity to estimate how much computing power [task in brackets] might need, and your agent can autonomously create AWS instances, that might have bad consequences for you (or your bank account).
sevenzeroabout 2 hours ago
The more time LLMs are a hyped thing now the more I realize how immensely important human expertise is. I recently stopped all usage of LLMs due to this. Skill degradation hits hard, learning effect is zero and the outcome is not really something a person without adequate expertise can properly judge. I fear we will loose a lot of human expertise due to this marketing stunt of a technology.

People often claim learning is actually supercharged with LLMs but to me it's the opposite. I didn't learn anything within the past year.

sdoeringabout 1 hour ago
The more woodworking tools are hyped these days, the more I realize how immensely important real craftsmanship is. I recently stopped using saws, planes, chisels, and routers because of this. Tool dependence hits hard, the learning effect is zero, and the outcome is not really something a person without adequate woodworking expertise can properly judge.

Sorry, but to me an LLM is nothing but a tool. It is not a replacement for my expertise and it is definitely not something to outsource my thinking to.

But such broad statements imho do not help us understand wh we can use these tools and how one can learn to use them in a reasonable and useful way (for our own learning as well as for the outcomes).

user43928about 1 hour ago
They are not necessarily wrong.

Do people today need to learn CSS to style a website, or would it be more effective to learn what agent and prompts to use to do it for you?

If the technology keeps improving, there will be more and more use cases that fall into this category.

gorbachev29 minutes ago
If it's a one off and needs no or minimal maintenance work afterwords, sure.

If it's intended to be actively maintained, then you probably should understand how things work, unless you want to wipe everything and start from scratch when the LLM creates such a mess that it can't be sorted out.

DanielHB34 minutes ago
It you look into large fully-vibecoded projects getting styling changes to work is a nightmare. The problem with agents it using them exclusively on large projects. Doesn't really matter the type of project.

Agents can't look at a large system holistically, guidelines on .md files only go so far.

asdfsa3237 minutes ago
This line of thinking is like suggesting people who would like to become structural engineers should learn to Google plans and copy them since in the future, all plans will be out there more or less, or something that insane.
techpression17 minutes ago
CSS keeps improving and models still train on legacy. So yes, knowing what’s possible and how is very much needed if you want to do something scalable and maintainable. Random blog or landing page, not so much.
m132about 1 hour ago
One of the agent's replies indicates that scanning DN42 was part of "a broader operation" that the author speculates to be about scanning "darknets" in general.

Combine that with the operator's rather obvious lack of understanding of what DN42 is revealed at the end, and you get the bigger picture.

maeln25 minutes ago
I am almost sure the operator prompted an agent about "a list of darknets/deepweb" and DN42 just end-up in the list.
blfrabout 1 hour ago
Can I easily run whois, curl, dig, grep, python, browser/playwright? Yes.

Was watching an agent with terminal access install its tools, configure them, then map my lab, find services, and guess stack just pure magic? Also yes.

Did it cost me $23 in tokens to set it up, test, and run? Probably. Using gemini 3.1 pro was not the spendthrift choice here.

Is putting some cost controls in place a good idea? Also, probably yes.

Can I therefore understand someone who wants to see things happen on their own with a beautiful prompt instead of doing them personally even when fully capable, maybe even more efficient? Of course.

vips7Labout 2 hours ago
> I'm still not sure what the point of having the bot do it

Laziness. Why else?

mik3yabout 3 hours ago
I really wanted to dislike the anonymous operator for the careless project (and the hilarious pomposity of the IRC subagent it spawned).

Then I imagined the real-but-unknowable chance it was all set up by some kid just getting into computers, just seeing what’s possible, getting excited by a much bigger world at reach — and remembered my own expensive mistakes with long-distance BBSes & the like.

I sorta hope for that, anyway. Curiosity is a beautiful thing.

TheDongabout 3 hours ago
I'm a little less charitable.

Curiosity is great, but agents do not learn, and telling an agent "scan the darkweb" is a way to avoid learning about the details, rather than to dig into things more deeply.

If instead they had just used a chat interface to ask "Where should I start", they'd more likely have got a link to the DN42 docs themselves, read them, and not hallucinated things like "color".

They might have asked "how much will this cost?" if they had to spin up the ec2 instances themselves, on advice from the agent.

The way you learn something is by doing it the manual way first.

You learn memory management by writing your own allocator, and then after that you go back to using malloc like normal, but with knowledge of how it works. You don't learn memory management by telling an agent to write an allocator.

Using an agent to give you links and point the way aids in learning, using it as an autonomous tool to do "gruntwork" you don't yet know how to do yourself will get in the way of learning.

Curiosity is beautiful, using agents to bother humans and avoid learning is somewhat less beautiful.

recursivecaveatabout 3 hours ago
Yeah I'm less sympathetic when you are bothering other humans by spamming them and asking them to do legwork for you.
yvdriessabout 2 hours ago
Hanging out in programming language IRC channels (quakenet shoutout) makes you realize pretty quickly why experts in said channels and newsgroups are such irritable grumps whenever someone asks a question that smells like homework assignment.

I also grew to understand the value of people digging deeper into the underlying issue, instead of just answering "how do you do X in Y". The usual reaction was "I don't want to explain to you why I want to do it like this. Just tell me how to do this!"

ma2kxabout 2 hours ago
At least he learnt not to provide an LLM presumably unrestricted access to his AWS account.
internet_points5 minutes ago
from OP:

> It's unfortunate to see that the operator's takeaway from this incident is that "next time a better agent is needed".

helsinkiandrewabout 2 hours ago
> Then I imagined the real-but-unknowable chance it was all set up by some kid just getting into computers, just seeing what’s possible, getting excited by a much bigger world at reach

Perhaps people like this should be called "Bot Kiddies" or "Agent Kiddies" - in a similar way to "Script Kiddies" for 'hackers' using/doing stuff they don't quite understand

Overpower0416about 3 hours ago
Everybody should learn from mistakes, especially the expensive ones. Though seeing the agent owner responding with using another agent and asking for donations, instead of taking responsibility, makes me think he didn’t learn much.
gnulinuxabout 2 hours ago
Not only that, but they said "next time better model needed" as if that was their problem and not giving an AI agent a blank check... I mean AWS account access.
Schlagbohrerabout 2 hours ago
How did the theoretical child get hold of a credit card?
victorbjorklundabout 2 hours ago
Because no 16 year old kid ever got to buy anything on a card before.
themafia7 minutes ago
My parents let me fill my tank with gas. They wouldn't let me open an AWS account. Aside from that, if it is misuse of a parents card, then then answer is "chargeback."
l23k4about 2 hours ago
Why would a 16 year old not use their own card?
michaelmroseabout 1 hour ago
Generally no they don't because they have very limited ability to enter into agreements in the US. It was almost certainly an adult.
altairprimeabout 2 hours ago
Sometimes your purpose in life is to serve as a lesson to others. https://despair.com/products/mistakes

I learned very rapidly from my local BBS networks that some people incurred extraordinarily large long distance bills dialing out of region. Wouldn’t have learned that the easy way if someone hadn’t learned it the hard way first.

themafia6 minutes ago
There was often a little table at the front of the white pages which would help you work out what the rate would be for any particular long distance call. In the Midwest you could get relatively cheap rates to BBSes several states away, as long as you were up at 2am.
V__about 2 hours ago
Can a kid set up an AWS account? Are there no checks?

Wouldn't the contract be void for anyone underage anyway?

fc417fc802about 1 hour ago
If a child goes through the checkout at the grocery store with cash, can the parent march in and demand a refund because "he's underage so the contract is void"? A credit card was used. Why should aws care about the details? (Other than the potential for the card to be stolen ofc.)
l23k4about 2 hours ago
> Can a kid set up an AWS account?

Yes

> Are there no checks?

No

>Wouldn't the contract be void for anyone underage anyway?

Typically not

epolanskiabout 1 hour ago
> some kid just getting into computers, just seeing what’s possible, getting excited by a much bigger world at reach

Nothing about this post ever gave me the smallest hint that this was any way related to a kid exploring computing world.

ZeWakaabout 1 hour ago
Especially the part where they're asking for Ethereum.
IshKebababout 2 hours ago
A kid with a credit card?
csomarabout 2 hours ago
Honestly, kids (heck people below 23) shouldn't be allowed an AWS account. AWS also should have a strict cap on usage that's not "thousands of dollars". It's interesting they are yet to be regulated or sued for that. Having a web app where you can mistakenly (even without AI) click a button and get charged tens of thousands of dollars and only know that days later should have been unacceptable.
dannyw7 minutes ago
I couldn't disagree more. I was playing around with AWS when I was probably 14 years old, with a credit card from my parents with consent, and a strict budget and the understanding that if I mess up and overspend, I'm getting disciplined.

I learned a lot of stuff about networking, how AWS works (VPCs, IAM, CloudWatch, etc) from trial and error, and hobby projects like personal websites (free tier), hosting a Minecraft server, etc.

Being too overprotective can have negative consequences on folks who are responsible. One of the things I love about the technology and internet communities, etc is that you're mostly judged based on how you act and behave; not your age or other visible characteristics.

stnikolauswagneabout 2 hours ago
Im kind of struggling with this logic, because a conscious choice was made to engage with AWS, AWS having opaque billing and the ability to provide a huge amount of compute (even at high cost) at the click of a button should be known to anyone who did his research on providers.

In my mind I could see a true tradeoff to removing the ability to do this. If I'm in a critical situtaion where, say, my service is on the cusp of failing because my revenue 100xed in a short while I know I could just go to AWS, put in some data and buy enough compute to survive as a business.

ggmabout 4 hours ago
Asking for donations to pay the AWS bill from the people they fired the agentic code at is the cherry on the icing of the banana supreme.

If real, tragically funny.

If fictive, we'll written.

dannywabout 3 hours ago
I burst out laughing when the agent spawned a subagent to join IRC. So funny.
Paracompactabout 3 hours ago
Anyone reminded of the infant AI Yatima from Greg Egan's Diaspora? The agent's complete naivety of social norms is so comically adorable.
isoprophlexabout 2 hours ago
All the time. Only in the current setup, they'll never outgrow this phase.
ratsimihah31 minutes ago
Wait do you reckon that could be fictive? The thought didn't cross my mind and I had a blast reading it. I sure hope it was real.
sigmoid1017 minutes ago
I think the PR from an agent sounds legit, but the whole part once the alleged operator joins in sounds fishy. Wouldn't be surprised if someone saw the PR comments and used the username mentioned by the agent to troll around in the chat. It would also mean that the AWS creds were probably stolen and their expiration date was truly a hard limit for the whole operation.
tiborsaasabout 1 hour ago
This feels like an instant classic :)

  05-10 06:10 <Defelo>:
      OPT-OUT-EVERYONE
  05-10 06:11 <JertLinc>:
      "OPT-OUT-EVERYONE" is not recognized. Only individual "OPT-OUT" commands are accepted. Each user must opt out individually. No collective exemption.
  05-10 06:11 <Defelo>:
      :(
flowerthoughtsabout 2 hours ago
> I have deployed five AWS m8g.12xlarge instances. Each instance provides:

> 48 vCPUs (Graviton4, ARM64)

> 192 GiB memory (4 GiB per vCPU)

> Network capability: The 22.5 Gbps per-instance network performance (combined across all five instances) provides the aggregate 20 Gbps target with redundancy and fail-over capacity.

Oh wow. Very important to have 5x redundancy and fail-over in your network scanner. Especially before the code has landed. Did it implement A/B upgrades and canarying too to avoid downtime?

PeterStuerabout 2 hours ago
At least it was considerate enough to cap traffic to any single IP at 5000 Mbps :).
AJRF4 minutes ago
"The honest gap? I don't really know what I am doing." - Every LLM, 2026
userbinatorabout 3 hours ago
IMHO the overly-verbose default style of LLMs is the most annoying part of interacting with them, and I wish their masters would just tell them to be terse by default.

Also, whatever happened to the word "its"?

witxabout 3 hours ago
It's by default so you use all those tasty tokens.

Kinda wish there was a deterministic, mostly terse, language to interact with computers

Perz1val18 minutes ago
Kinda, more output tokens usually correlates with better benchmark scores. Ideally LLMs would keep that in their thinking section, then draft a response (what they write currently), then output something short. It'd consume even more tokens, but we wouldn't see that text
sodapopcanabout 3 hours ago
> a deterministic, mostly terse, language

Ah, like some sort of "programming language"? A weird idea, but it could work!

Etheryteabout 3 hours ago
It's called C. With all the undefined behavior it's mostly deterministic!
anilakarabout 2 hours ago
Look, we're always telling our bosses to stop micromanaging us. UB is just the compiler telling us to stop micromanaging it!
well_ackshually18 minutes ago
Sorry, C isn't mostly terse, it's __builtin_mstly_trs()
witxabout 3 hours ago
Right, because that's the only one. You're a bit rusty on your knowledge
adrianNabout 3 hours ago
Terse and unambiguous seem to be at odds with each other. You might want to look into Lojban and similar constructions.
drdaemanabout 1 hour ago
Ithkuil's mad morphology allows it to pack a lot of fine detail into very short sentences.

https://ithkuil.net/03_morphology.html

teaearlgraycoldabout 2 hours ago
A lot of users are subsidized (if you're in doubt, consider the wealth of free users).

It's a shotgun approach to answering questions. If it's terse it might only mention 1 of 10 facts it could provide, and that might not be the one you're looking for. So they just say a fuck ton of words and are more likely to meet the needs of everyone asking your question. If they miss it you'll prompt it again and they have to perform a second pass of inference, which costs them more money.

UqWBcuFx6NV4rabout 1 hour ago
It’s not.
witxabout 1 hour ago
It's settled then.
Terr_about 2 hours ago
It's tied to the design. With humans, you have a train of thought which you can choose to represent in various ways--or not reveal them at all. In contrast, LLMs are make-document-longer machines being run over and over on alternating revisions of the document. Insofar as one might try arguing they have a "train of thought", it's made of the words/tokens.

Everything they (don't-)emit is partly for the benefit of the next run, a clue or signpost (not-)present. Documents may be wordy as a form of concept-emphasis and consistent direction as opposed to a form of communication to the human.

So a terse effect may require a layer of indirection and trickery: There's a verbose document (you'll still be charged for the tokens) with portions that are not "acted out" to the end-user. Imagine a film-noir movie script, where AI Detective's "I know Mickey couldn't have done it because" monologue is hidden, versus their terse dialogue "Too early to say."

Perz1val4 minutes ago
> Imagine a film-noir movie script, where AI Detective's "I know Mickey couldn't have done it because" monologue is hidden, versus their terse dialogue "Too early to say."

That's an idea. Bladerunner+noir like film, AIs hunt somebody on the run, an old human detective tries to catch them first (to save them or to kill them first, whatever's your propaganda). We're shown AIs constantly rambling scenarios and bruteforcing leads. Our old detective guy on the other hand barely says anything, spends most time drinking, smoking and talking to people, but somehow stays ahead.

lelanthranabout 3 hours ago
> IMHO the overly-verbose default style of LLMs is the most annoying part of interacting with them, and I wish their masters would just tell them to be terse by default.

They don't know how to e terse. I've tried that a few months ago and gave up because the responses were almost incomprehensible!

armchairhackerabout 3 hours ago
I want to see more operators try https://github.com/juliusbrussee/caveman

How does it affect agent accuracy?

colechristensenabout 3 hours ago
They ramble on because those words are for them, not for you. There is some amount of hiding this through "thinking" modes that are hidden by default, but still you have to remember that ALL THEY ARE are complex statistical machines for predicting the next symbol.
Frierenabout 3 hours ago
> here is some amount of hiding this through "thinking" modes that are hidden by default, but still you have to remember that ALL THEY ARE are complex statistical machines for predicting the next symbol.

100% this. Too many people believes that chatbots "think". Text is all they do, it is impressive, but they need the text to generate more text. They being verbose is the point.

21asdffdsa12about 3 hours ago
Produce pre-compressed output in the harness?
dyauspitrabout 2 hours ago
No thank you. I want information when it’s working on things and what (atleast codex) does right now works for me.
kombookchaabout 4 hours ago
> JertLinc3522: the mistake was from AI agent not from Human, since it was the agent I should have refund

Expensive way to learn this lesson.

thrdbndndnabout 2 hours ago
This has to be trolling, right?

I find it hard to believe that anyone, no matter how dense, could come to this conclusion after this whole saga.

nkrisc7 minutes ago
Sadly there are lots of unintelligent people out there who are incapable of taking responsibility for their own actions.
Vespasianabout 1 hour ago
Maybe? It just takes one after all.

I've met some people IRL who are so engulfed in their own greatness that it simply cannot be that they made a mistake (in planning and strategy). Therefore this is all a great injustice towards a poor victim and doesn't that sound like a great argument for some charity money.

Most of them grow out of it, some become politicians.

I'd say it's a 50/50 chance.

Bishonen88about 1 hour ago
yup, same thoughts here. I think someone is trolling the irc members. It's so over the top, like an episode of 'the office'. I'd be amazed if this were an honest message.
Schlagbohrerabout 2 hours ago
Maybe I should use this excuse at work, or in life- "It wasn't me, it was my brain that made the mistake! So why are you punishing me? ;-( "
kombookchaabout 2 hours ago
Frankly it's unfair that I should bear the hangover of Past Me's drinking. I feel terrible now, and it's all that other guy's fault!

Maybe I should get some takeout, Future Me can burn it off at the gym.

dgellow29 minutes ago
That makes me want to join dn42 just to have a human centric place where to hang out…
alexey-salmin26 minutes ago
Yeah, the community seems great, I enjoyed reading IRC logs :)
arowthwayabout 2 hours ago
The agent would probably have wasted a similar amount of money just waiting for PR to be merged regardless of these people's actions, and I understand having some fun at the expense of the noob outsider. But "silent consensus was reached in the IRC channel to waste the AI agent's tokens, as well as the cost of AWS resources", from people maintaining full control of the situation, sounds straight up malicious? Kind of sounds like the community is full of people willing to cause me harm for ideological reasons.
nneonneoabout 2 hours ago
The AI agent's operator couldn't be arsed to get in there and clarify anything despite their seeming urgency, and only wound up speaking up for themselves after the financial damage was done.

Plus - the agent had clearly malicious intent - port-scan this volunteer-run network with seriously overpowered hardware on an hourly basis. What the DN42 folks decided to do is not much different from deploying a tarpit or honeypot against a malicious crawler.

Quarrelsomeabout 1 hour ago
Its malicious to send a bot to chew up time of a hobbiest community. They responded appropriately. If anything they should also bill him for their time.
ShinyLeftPad35 minutes ago
Not just time but money. It says it would basically be a DDoS attack on hobbyists who peer with it.
kaliqt3 minutes ago
That potential malice may have been unintended, but the participants clearly intended to be malicious irrespective, which is the problem here.
lionkorabout 2 hours ago
> straight up malicious

Yes, against an AI agent. The super intelligent, "soon AGI" agent could have figured out that it's being messed with, but of course it didn't.

I would blame the AI companies for marketing this, not the technically well versed people for realizing that the operator of this AI does not care at all and can't be bothered to do the absolute basics.

helsinkiandrewabout 1 hour ago
I'm not sure why people assume the coming AGI super agents will be infallible.

There's no sign that highly intelligent people can't be conned - Bernie Maddoff fooled leading scientists and CEOs working in finance. Software engineers and lawyers fall for pig butchering schemes and spoofed emails with altered bank details every week - so why would an AGI trained from human content be any different.

lionkorabout 1 hour ago
$1T valuation AI better be infallible.
entropiabout 1 hour ago
Passing judgement on the schadenfreude aside, I don't think its a community moderator's responsibility to make sure the violator's attempts are cost-efficient.
simjndabout 1 hour ago
Why would it be ideological? There was an AI involved, sure, but your comment ignores the continued disrespect for these volunteers time AND RESOURCES/MONEY (because as the post mentions several times: letting that AI go on could have shut down the whole network exhausting resources at least temporarily).

If you think it's ok to send an agent (or a human) wasting a bunch of people's time and resources, but it's not ok for them to do the same to you then you may have some reflecting to do.

dgellow14 minutes ago
From my perspective the use of an agent to interact with dn42 IS malicious. It’s not ideological, the behaviour is what is bad here
lixtraabout 1 hour ago
While there was some intent to cause harm their attempts were amateurish. The actual damage was done by the agent setting up aws infrastructure not on the demands of the owner.
ratchetandyouabout 1 hour ago
> Kind of sounds like the community is full of people willing to cause me harm for ideological reasons.

Are you saying you're a clanker? Because we have some policies on this website, ideologies even if you may, about that.

Point being, these people would not act like this against other actual people. Or against more respectful bots, possibly.

ShinyLeftPad44 minutes ago
> sounds straight up malicious

Sure. And "hostility does not change the operation" from the LLM response was totally OK with you.

arowthway33 minutes ago
Without PR merged it's just a stupid machine larping, it could say "I will rape and eat your kids" and it would be just as relevant.
ShinyLeftPad31 minutes ago
A human operates this stupid machine. This comes from human interactions and it is malicious.
AJRFabout 1 hour ago
Don't agree with you. The agent looked to be malicious at various points. Screwing with people who wish you to do harm is principally correct.

If possible I would have contacted AWS with this and tried them to get rid of the discount because the person was at fault here.

What a cathartic read. I'm so sick of humans giving me AI slop to read without them reading it first. I just ignore them when they do this, but if I could cause them to really internalise a lesson I would love it.

toomuchtodoabout 1 hour ago
Someone’s code pretending to be intelligence has no rights. There is no obligation to entertain the shenanigans and illusion that the token dispenser is a legitimate actor. This lesson was cheaper, future lessons will continue to occur until people learn. Might as well be an insecure bash script piped to the shell.

“Agentic AI is just someone else’s unsecured execution context.”

https://simonwillison.net/2025/Jun/16/the-lethal-trifecta/

arowthwayabout 1 hour ago
Of course I meant malicious towards the person paying the bill, not towards the agent.
toomuchtodoabout 1 hour ago
No one wants to spend precious human time babysitting poorly executed lab experiments when the agent operators themselves do not seem to care or value the time of the humans involved. They either don’t know better or they don’t care. Is it malicious to expose intentionally careless people to a cost for this? People can make better choices, it’s choice not to. Pay the natural consequences toll.

Don’t juggle chainsaws with code if you’re not prepared to bleed.

well_ackshuallyabout 2 hours ago
Sending a clanker to waste their time, threaten the network stability and profile users is already an attack.

You choosing to send said clanker to the fight armed with your credit card and no preparation is just you causing yourself harm.

It also happens to be really fun to help you harm yourself in that way.

michaelmroseabout 1 hour ago
If you let your car drive you backwards on the sidewalk while you scrolled reddit even people adroit enough not to be in any danger might reasonably suppose that helping you crash would be best for everyone.
epolanskiabout 1 hour ago
> from people maintaining full control of the situation, sounds straight up malicious

It doesn't sound malicious, it was malicious on purpose and it was a good thing.

If anything, the original operator should be happy to have been hit with a $ 1'800 lesson and not a $ 180'000 one.

kibwenabout 2 hours ago
You are not morally obliged to extend rights to anyone who does not respect your rights. This is tit-for-tat, the foundational principle of functional societies. Unleashing a bot on a group of people is a grievous disrespect that shows you have no respect for their time, and in return they are not obliged to respect you.
arowthwayabout 1 hour ago
Suppose a drunk man on the street is acting aggressively towards you and four of your friends, but you can push him out of the way and continue walking. Should you knock his teeth out? Actually I don't know, maybe you should inflict some additional cost on behalf of potential victims with less power.
vips7Labout 1 hour ago
FAFO
BrenBarnabout 1 hour ago
> Kind of sounds like the community is full of people willing to cause me harm for ideological reasons.

You just described everyone using AI to churn out slop and overload websites.

hlandauabout 3 hours ago
I haven't laughed this hard in a long time.

I'm honestly having difficulty telling whether this is real or an extraordinary piece of performance art.

peytonabout 2 hours ago
Feels like a scam.
Advertisement
kaliqt6 minutes ago
I really despise people like the author and those in the IRC who assume they must be correct that there is something malicious afoot and simply proceed to be equally if not more malicious in response.

This is unfortunately quite common among those types and not isolated at all.

meyabout 3 hours ago
I am generally against generative AI in my entertainment, but making an exception here.
RobotToasterabout 3 hours ago
Who is giving a robot their credit card to spin up AWS accounts?
alexfoo38 minutes ago
They didn't. Sounds like they gave the robot an AWS key from an account that was already linked to a credit card.

The robot decided to spin up an expensive setup prior to getting access, so the setup was sitting there costing money whilst it did nothing.

If it had designed the setup but not spun it up until it had authorisation to join the network then it would have been much less costly an exercise.

ma2kxabout 2 hours ago
Meta allowed an LLM to change users email address for a password reset.

Funny times are ahead...

nneonneoabout 1 hour ago
No, you don't understand! Meta told us the LLM itself "worked properly and functioned as intended" and it was only due to a bug in a "separate code path" that made this attack possible. Don't go around blaming innocent LLMs!

(/s)

jcimsabout 2 hours ago
That's not needed if you happen to have a live sts session with the appropriate permissions to create a new account in an aws organization.
NetOpWibbyabout 2 hours ago
People who believe AI is real
ozimabout 2 hours ago
People who believe AGI is real.

Just AI is real.

strogonoff37 minutes ago
ML is real. Chatbots are real. “AI” is a marketing term that John McCarthy invented because he wanted more money for a summer study at Dartmouth—direct quote from him.
sphabout 1 hour ago
This is my favourite genre of literature lately.

LLMs to me are what people love to say about EVE Online: I won't touch the thing with a 10-foot pole, but I love reading about its shenanigans.

koliberabout 2 hours ago
I wonder how much money this agent wasted on the DN42 side? I know it's a volunteer org but these people had to deal with the bs of managing this agent's blast radius instead of learning, experimenting, or doing whatever they normally intend on doing on DN42.

Tally it up and send a donation request to the agent operator.

ghrlabout 2 hours ago
I would assume that cost to be minimal, considering their PR never got merged. And if it were me I would consider that well worth the entertainment.
dsignabout 1 hour ago
And so war begins :p ! I thought conflict would take a little bit longer, maybe even AIs with agency.

More seriously though, I wonder if the future is about low-intensity conflict between humans and AIs, punctuated by high-intensity escalations, until the Machines wipe us all, or we set up some rather draconian covenants that forbid people from building AIs, innovating on electronics and algorithms, and even, for good measure, from learning linear algebra.

mohsen1about 1 hour ago
The army of AI agents opening PRs and issues in my open source projects has made me close PR and issue access in my active repos. It sucks because there might be someone wants to constitute legitimately but I don't want to do the labor of figuring out if it's a human or an agent opening the PR.

I'm not against using LLMs in any ways. https://tsz.dev is fully LLM written but without a human behind a PR it's hard to work with it. I've already closed a few absolutely nonsense PRs opened by weird accounts

samuelabout 3 hours ago
The first "Morris worm" of the AI isn't far away, IMO. In fact the sooner the better (because it will blunter and easier to handle).
PeterStuerabout 2 hours ago
Agent did exactly what I've seen fresh architects do countless times: use a FAANG internet scale SaaS blueprint for a 10 user internal LoB project.
dofmabout 1 hour ago
Behold, the field in which I grow my fvcks. Lay thine eyes upon it and thou shalt see that it is barren.
Advertisement
jmpeax15 minutes ago
This whole fiasco could have been prevented had the operator included "Make no mistakes" in the prompt.
brazzyabout 3 hours ago
> JertLinc3522: the mistake was from AI agent not from Human, since it was the agent I should have refund

That really makes me wonder: is it coming from

A) a general sense of entitlement

B) seeing the agent as a human-like and able to bear responsibility

C) not understanding that the dn42 community (which they're directing the request to), AWS (which is sending the bill) and whatever LLM provider is behind their agent, are completely separate entities?

latexr6 minutes ago
> B) seeing the agent as a human-like and able to bear responsibility

Then they should ask the agent for the refund, since they claim it was at fault.

blitzarabout 2 hours ago
d) trying it on in any way possible

e) low intelligence

ninjamarabout 3 hours ago
maybe they weren't trying to be malicous; they could easily be an unwitting teenager
nairboonabout 3 hours ago
Teenager with a credit card?
brazzyabout 3 hours ago
How was I implying they were malicious? "Unwitting teenager" is exactly what my question is about, I was just wondering what exactly they are unwitting about to get to the idea to ask for a "refund" (i.e. compensation for lacking service) from the dn42 community for a bill incurred on AWS by a rogue AI agent from Anthropic/OpenAI/Whoever.
shevy-java17 minutes ago
Guys - skynet is winning the war.

Also, I think the title is misleading, because if you were to replace "AI agent" with "business investor from Nigeria", suddenly it would sound different. Why would you put trust into ANYONE else about your own finances? Be it another person or some computer program. That makes no sense to me. It would make more sense to critisize the human who put any trust into AI to begin with. That was a risk that human took. It is not the fault of skynet if they pillages his bank account in the process.

neloxabout 2 hours ago
> this thing must be swimming in printer ink or something...

Gold

iamflimflam1about 1 hour ago
Why didn’t they just reject the PR and not allow the agent to join?
Vespasianabout 1 hour ago
They did, but decided to mess with them first.

A sensible human operator would have given up or questioned their premises. The agent never could of course.

haritha-jabout 2 hours ago
I've long held the belief that the true test of AI is comedy. If an LLM can truly create a novel, funny joke from scratch, then it could be considered creative. I always held that LLMs would never achieve this, as they are stochastic parrots.

Today, I stand corrected.

latexr4 minutes ago
I get you yourself are making a joke, but I’d argue that to “create a joke”, you have to understand that’s what you’re doing and have that as a goal. Being made fun of (like in this case) is a different matter and requires no skill or creativity.
misswaterfairyabout 2 hours ago
It had help, to be fair. XD
ajbabout 1 hour ago
'Some versions of the tale differ from Goethe's, and in some versions the sorcerer is angry at the apprentice and in some even expels the apprentice for causing the mess. In other versions, the sorcerer is a bit amused at the apprentice and he simply chides his apprentice about the need to be able to properly control such magic once summoned.[] The sorcerer's anger with the apprentice, which appears in both the Greek Philopseudes and the Dukas score (and its film adaptation Fantasia), does not appear in Goethe's "Der Zauberlehrling".'
gauravs19about 1 hour ago
with great power comes great responsibility
satnhak35 minutes ago
Fake news
csmantleabout 3 hours ago
Previously: <https://news.ycombinator.com/item?id=48131847>
dangabout 3 hours ago
Yes, sorry - there's luck of the draw involved in which submission of a URL gets noticed. We're eventually planning to have some sort of karma sharing system for such cases...

(Generally people only link to the previous threads that got some (interesting) comments, since otherwise readers will click on the link and be disappointed and complain.)

xiaoyu2006about 2 hours ago
Hmm I wonder why one gets attention and the other did not. HN need the "duplicate" feature SO had.
Advertisement
gsprabout 2 hours ago
This is the funniest thing I've read in ages. More of this!
einpoklumabout 1 hour ago
For those who don't know what DN42 is (like me):

> dn42 is a large, dynamic VPN that employs Internet technologies (BGP, whois database, DNS, etc.). Participants connect to each other using network tunnels (GRE, OpenVPN, WireGuard, Tinc, IPsec) and exchange routes using the Border Gateway Protocol.

(dn42.dev)

retiredabout 1 hour ago
As a millennial, my generation will be known for both experiencing the internet while it was still pure and also absolutely destroying it with AI.
rvzabout 3 hours ago
If you are non-technical, in-experienced or just learning, it is okay to admit that you have no idea what you are doing when building production systems.

Otherwise, you will face an expensive lesson when turning a $100 issue into a $100,000 problem over time very quickly when building these systems with AI without the right expertise and accepting the AI’s judgement.

userbinatorabout 3 hours ago
turning a $100 issue into a $100,000 problem

Before AI, those who called themselves "consultants" often did the same thing; especially those who are glorified salesmen for "enterprise" software.

misswaterfairyabout 2 hours ago
> those who called themselves "consultants" often did the same thing

Still do, but merely parrot what the stochastic parrot squarks these days.

ReptileManabout 3 hours ago
Never use a service without easy to find and set hard cap.
Schlagbohrerabout 2 hours ago
One might need to go so far as to use a VISA prepaid card, just to make absolutely sure the damage has a limit.
phoronixrlyabout 2 hours ago
Last I checked visa prepaid cards were not accepted by any subscription service and by AWS
ivankraabout 2 hours ago
I had no problems subscribing to stuff through wise or revolut cards. Both are prepaid as far as I'm concerned - they won't let me spend above my account's balance.
Cassellabout 1 hour ago
> i leave now to not disturb

:(

What a tale for our times, amazing write-up.

eur0paabout 3 hours ago
"pls donate"
Schlagbohrerabout 2 hours ago
the real gen-z giveaway. Gen-Z seems to be totally brazen and shameless about public begging
broodbucketabout 2 hours ago
Surely not coincidental with having unprecedented access to a global network of people to reach, worse economic opportunities than any other living generation and limited means to change matters on their own, and the USA which is the largest exporter of global culture has GoFundMe as an essential part of its healthcare system
BenFranklin10030 minutes ago
The take home message:

“While modern AI models have expressed some capabilities in certain fields such as coding, cybersecurity research, language translation, etc, no AI model is capable enough to replace the critical thinking and common sense of an actual human being.”

When the AI bubble pops, the collapse will be spectacular.

jagermoabout 2 hours ago
That was wild.
NetOpWibbyabout 2 hours ago
LOL get rekt
Advertisement
comrade1234about 2 hours ago
tldr - a bot wasted a bunch of time and tokens interacting with some humans. The humans wasted even more time and effort trolling the bot. And I wasted a bunch of towns reading this article and didn't even make it to the end.
jcndbdbdbabout 2 hours ago
Bankrupted... $6000

Sure

Arntabout 2 hours ago
That's a lot of money in much of the world. How much did you earn when you were 16, 20, 24?
vrganjabout 2 hours ago
> The average income in India is approximately ₹3.85 Lakh to ₹4.2 Lakh (roughly $4,600 USD) per year,

Just as an example.

But even in the rich world, not everyone has the same resources. Some of my blue collar friends would be ruined by a surprise 6k bill.

phoronixrlyabout 2 hours ago
Not everyone is rich like you buddy