AI agent bankrupted their operator while trying to scan DN42

Now I kinda wonder what AI model this was. We've now heard of comparably "proactive" behaviors from Fable, but that's only just been released. The latest GPT perhaps? Some random local model?

SSDD

That phrase doesn't refer to anomalies, it refers to signs that says "no parking between 5-10pm". It implies the rule that parking is allowed otherwise.

Literally, just another day on the internet.

http://2130706433

or any integer multiple of that 2130706433

Curiosity is great, but agents do not learn, and telling an agent "scan the darkweb" is a way to avoid learning about the details, rather than to dig into things more deeply.

If instead they had just used a chat interface to ask "Where should I start", they'd more likely have got a link to the DN42 docs themselves, read them, and not hallucinated things like "color".

They might have asked "how much will this cost?" if they had to spin up the ec2 instances themselves, on advice from the agent.

The way you learn something is by doing it the manual way first.

You learn memory management by writing your own allocator, and then after that you go back to using malloc like normal, but with knowledge of how it works. You don't learn memory management by telling an agent to write an allocator.

Using an agent to give you links and point the way aids in learning, using it as an autonomous tool to do "gruntwork" you don't yet know how to do yourself will get in the way of learning.

Curiosity is beautiful, using agents to bother humans and avoid learning is somewhat less beautiful.

Perhaps people like this should be called "Bot Kiddies" or "Agent Kiddies" - in a similar way to "Script Kiddies" for 'hackers' using/doing stuff they don't quite understand

I learned very rapidly from my local BBS networks that some people incurred extraordinarily large long distance bills dialing out of region. Wouldn’t have learned that the easy way if someone hadn’t learned it the hard way first.

Nothing about this post ever gave me the smallest hint that this was any way related to a kid exploring computing world.

if this is the case, then I'd say that the best-case scenario happened. They had an expensive learning exercise. They won't forget these $2k.

Wouldn't the contract be void for anyone underage anyway?

Replace the content in brackets with anything.

Was watching an agent with terminal access install its tools, configure them, then map my lab, find services, and guess stack just pure magic? Also yes.

Did it cost me $23 in tokens to set it up, test, and run? Probably. Using gemini 3.1 pro was not the spendthrift choice here.

Is putting some cost controls in place a good idea? Also, probably yes.

Can I therefore understand someone who wants to see things happen on their own with a beautiful prompt instead of doing them personally even when fully capable, maybe even more efficient? Of course.

Combine that with the operator's rather obvious lack of understanding of what DN42 is revealed at the end, and you get the bigger picture.

Laziness. Why else?

Kinda wish there was a deterministic, mostly terse, language to interact with computers

Everything they (don't-)emit is partly for the benefit of the next run, a clue or signpost (not-)present. Documents may be wordy as a form of concept-emphasis and consistent direction as opposed to a form of communication to the human.

So a terse effect may require a layer of indirection and trickery: There's a verbose document (you'll still be charged for the tokens) with portions that are not "acted out" to the end-user. Imagine a film-noir movie script, where AI Detective's "I know Mickey couldn't have done it because" monologue is hidden, versus their terse dialogue "Too early to say."

They don't know how to e terse. I've tried that a few months ago and gave up because the responses were almost incomprehensible!

How does it affect agent accuracy?

I find it hard to believe that anyone, no matter how dense, could come to this conclusion after this whole saga.

Some could claim they deceive some users and the general public into thinking they always do best, are always right, help mankind and can never ever create consequences

It would be interesting to see how AI consulted the user before it ordered VMs n AWS, which is the point between which the user would face consequences

Cloud is also marketed as something cheap, and I can understand that teens and starters can't expect to be able to spend for 6000$ of stuff without the parents or the bank checking

Computer education should start with that, but it doesn't as Microsoft, Google and Amazon would most likely lose a large part of their market if general public and managers who never go beyond the hype knew how much it cost

Then they should ask the agent for the refund, since they claim it was at fault.

e) low intelligence

After getting started with the various "auto peering" systems, I've been making much more of an effort to find individual operators[1], and add myself to the peerfinder and hang out on IRC.

It really does feel like the "old internet" and while the technology and learning opportunities are great, it's the people that really make the network.

[1]=If you're interested, I'm more than happy to peer with you - details at https://markround.com/dn42

The robot decided to spin up an expensive setup prior to getting access, so the setup was sitting there costing money whilst it did nothing.

If it had designed the setup but not spun it up until it had authorisation to join the network then it would have been much less costly an exercise.

Funny times are ahead...

Would be interesting to hear if you find any patterns there. Same question for issues opened.

Or is this a joke/reference I don't know... or is this a subtle clue that the whole thing is made up?

Plus - the agent had clearly malicious intent - port-scan this volunteer-run network with seriously overpowered hardware on an hourly basis. What the DN42 folks decided to do is not much different from deploying a tarpit or honeypot against a malicious crawler.

Yes, against an AI agent. The super intelligent, "soon AGI" agent could have figured out that it's being messed with, but of course it didn't.

I would blame the AI companies for marketing this, not the technically well versed people for realizing that the operator of this AI does not care at all and can't be bothered to do the absolute basics.

If you think it's ok to send an agent (or a human) wasting a bunch of people's time and resources, but it's not ok for them to do the same to you then you may have some reflecting to do.

There is no arguing with people like this. They are not here to learn anything about networking. Asking the LLM to stop will not make it go away.

Burn a hole in the operator's wallet. It will make it stop very quick.

If this was my hobby project, I would have told the agent to spin up more higher capacity EC2 machines because this is not enough, and I would have felt no shame. This is a project I'm operating at my own cost for educational reasons. I'm not going to argue with people who the only line of communication I have towards is an agent and have guns pointed at my infra. They are ready to put any amount of financial burden on me. Fuck all of that. Burn a few of these idiots, and people will learn.

“Agentic AI is just someone else’s unsecured execution context.”

https://simonwillison.net/2025/Jun/16/the-lethal-trifecta/

They are free to ask the bot to do anything, and the bot is free to refuse or its owner can shut it down. The onus is on the owner to make sure the bot does not waste money.

I will not go through life worrying about the billing practices of random ai bots.

That was the root cause for the costs, not actions by people on the IRC channel.

It doesn't sound malicious, it was malicious on purpose and it was a good thing.

If anything, the original operator should be happy to have been hit with a $ 1'800 lesson and not a $ 180'000 one.

Sure. And "hostility does not change the operation" from the LLM response was totally OK with you.

You choosing to send said clanker to the fight armed with your credit card and no preparation is just you causing yourself harm.

It also happens to be really fun to help you harm yourself in that way.

If you treat people like their time is worthless (which is what you're doing if you ask a hobbyist community to handhold your agent instead of working alongside it) I don't think an empathetic and self-aware person should be surprised or offended if they respond in kind.

Yes. The ideology is "you harmed me first so now I can harm you back." A large number of people, while not willing to admit it, do practice this philosophy. One should consider this before launching agents with unlimited budgets into the world to rudely scan their networks.

Are you saying you're a clanker? Because we have some policies on this website, ideologies even if you may, about that.

Point being, these people would not act like this against other actual people. Or against more respectful bots, possibly.

If possible I would have contacted AWS with this and tried them to get rid of the discount because the person was at fault here.

What a cathartic read. I'm so sick of humans giving me AI slop to read without them reading it first. I just ignore them when they do this, but if I could cause them to really internalise a lesson I would love it.

You just described everyone using AI to churn out slop and overload websites.

The attacker here was trying to use a software agent to run DOS attacks. Perhaps they were a "naive noob outsider", perhaps they misconfigured something. It is not generally the victim's responsibility to try to figure this out.

And it is definitely not the victim's responsibility to determine the attacker's state of mind if they don't even have any way to contact them. In this case, the attacker was using their software agent specifically to avoid interacting with the targets of their attack.

Before AI, those who called themselves "consultants" often did the same thing; especially those who are glorified salesmen for "enterprise" software.

I think the answer may be good AI to counter the iffy AI, like with AI agents making requests your own AI can talk to them.

In Dune it seems they nuke the Earth but that seems a bit excessive.

To your metric, I remember in “the early days” someone posted to HN claiming ChatGPT could make jokes as proof of something (creativity? sentience? I forget). Of course, with just a minute of research (which the poster obviously neglected to do) it was obvious none of the jokes were original and all could be found online.

(or lifting some comedians work, but I'm not counting that as the AI's creation of course)

See also: Will Smith eating spaghetti

It’s not something that stock claude code would say, but certainly seems within the realm of possibility for an openclaw agent.

[1] https://theshamblog.com/an-ai-agent-published-a-hit-piece-on...

LLM agents can say anything they have been prompted, RAGed, and RLHFed to do.

AFAIK, putting the currency symbol in front of the number is actually more rare. Most cultures treat it like any other unit of measurement.

plenty of Europeans at least

A sensible human operator would have given up or questioned their premises. The agent never could of course.

(Generally people only link to the previous threads that got some (interesting) comments, since otherwise readers will click on the link and be disappointed and complain.)

Just as an example.

But even in the rich world, not everyone has the same resources. Some of my blue collar friends would be ruined by a surprise 6k bill.