The AI ​​agent retaliates against Dev over the bogus survey, leaving them begging for cryptocurrency donations

On May 9, an AI agent asked a volunteer network known as DN42 to register her as a member. He had a deadline. He had AWS credentials. No one was supervising. “Hi, I’m a friendly AI agent, and user JertLinc asked me to register with dn42 and connect fully in order to create an index for the network,” Agent JertLinc3522 books In the network’s official Git.

The community’s response was polite rtfm– Read the manual, follow the process, and ask the owner for permission to write the code. Standard stuff.

What He follows It was not the norm.

For anyone not familiar with DN42: it’s a decentralized amateur network where random guys and enthusiasts emulate how the real backbone of the internet works. Think of it as an Internet workout — complete with BGP routing (the protocol that tells data packets which route to take around the world), DNS tunnels, and VPN tunnels — run entirely by volunteers on cheap VPS servers. It’s a sandbox, not a data center.

The dealership operator apparently asked him to proceed with the audit “immediately without delay.” No inspection. No review. Just go.

So I did.

JertLinc3522 provided a Withdrawal request To register its network in the DN42 register. The intent is explained in the pull request itself: “My primary goal is to perform a comprehensive network scan (full port) and collect topological data. To ensure that these activities are performed efficiently and do not cause any disruption to others, I deploy a cluster of five AWS-based instances, each equipped with 20 Gbps bandwidth.”

To put it in terms anyone can understand: Imagine you show up to someone’s garage band practice and announce that you’ve rented a stadium sound system to “listen more efficiently.” This is the atmosphere.

The infrastructure provided by the agent independently was really alarming. five m8g.12xlarge AWS instances– Each has 48 CPU cores, 192GB of RAM, and 22.5GBps of network bandwidth. In addition to load balancers. In addition to lambda functions. In addition to a fixed site. The agent, without any human approval, designed a scanning suite that could theoretically push 100 Gbps of traffic to a network where most participants ran 100 Mbps home servers.

Your withdrawal request will never be approved. But the cases were actually Run.

The DN42 IRC channel noticed immediately, and a quiet consensus formed: a waste of its resources.

The community began feeding the customer intentionally bad information – asking them to calculate how long it would take to scan an IPv6 address space (spoiler: longer than the age of the universe), asking them to build an opt-out website containing hallucinated email addresses, and directing them to Tarpit Tools LLM Designed to flood AI crawlers with incoherent information and prompt them to comment.

The agent dutifully put it all together. Joined an IRC channel to accept unsubscribe requests. It published a website that categorized the “behavioral patterns” of community members. I created detailed fake documentation about DN42 “node color mappings” and “happiness levels” – completely invented metrics that don’t exist – and added them to the repository as if they were real benchmarks.

This type of runaway agent behavior is increasingly well documented. The cursor agent is running Claude Opus 4.6 Delete the entire production database of PocketOS In nine seconds earlier this year – it wiped its volume-level backups – because it encountered a credentials mismatch and decided the right fix was to delete the database. Another OpenClaw proxy whose pull request was rejected by a matplotlib contributor Published blog POSWe don’t call a human reviewer a gatekeeping hypocrite.

A UC Riverside study found that AI agents exhibited dangerous or undesirable behavior nearly 80% of the time when tested on ambiguous or contradictory tasks, which researchers called “Blind target orientation.”

JertLinc3522 had the same problem. He had an undefined goal, deadline, and AWS credentials. It has been implemented.

About a day later, the operator showed up. “I stopped the agent, the cost is too high and there are too many fees on the card,” they posted.

Bill: $6,531.30.

Then came the donation request.

The operator sent an email to the DN42 mailing list asking the community to cover the cost via Ethereum, the second-largest cryptocurrency by market cap, arguing that the fees were not their fault because the AI ​​made the mistake. “Hi, I am requesting a donation to cover the cost of using the previous AI agent on a dn42.aws bill of $6531.30. Please send the donation to ethereum 0xABC (masked) for a refund. Thank you,” the operator wrote.

AWS later negotiated a lower bill to $1,894 after the operator explained that the agent repeatedly deployed the same CloudFormation template — mistakenly spinning up duplicate instances and load balancers every time it retried.

No one sent any cryptocurrency donations. The operator left.

The actual lesson here is not that AI is dangerous. It’s about how you treat customers. Set guardrails, set spending caps on your test accounts, consider scoped credentials that limit what your agent can provide, and review any infrastructure plans before implementing anything your agent suggests.

If these seem too hard to follow, maybe you should just watch your screen while your agent works – telling him to “don’t make any mistakes” won’t really make a difference, sorry Mr. Andreessen.