Lots of people seem to think that you don't need to learn how to [scan a network], all you need to learn in this brave new world is how to prompt the agent to [scan a network].

Replace the content in brackets with anything.

Can I easily run whois, curl, dig, grep, python, browser/playwright? Yes.

Was watching an agent with terminal access install its tools, configure them, then map my lab, find services, and guess stack just pure magic? Also yes.

Did it cost me $23 in tokens to set it up, test, and run? Probably. Using gemini 3.1 pro was not the spendthrift choice here.

Is putting some cost controls in place a good idea? Also, probably yes.

Can I therefore understand someone who wants to see things happen on their own with a beautiful prompt instead of doing them personally even when fully capable, maybe even more efficient? Of course.

One of the agent's replies indicates that scanning DN42 was part of "a broader operation" that the author speculates to be about scanning "darknets" in general.

Combine that with the operator's rather obvious lack of understanding of what DN42 is revealed at the end, and you get the bigger picture.

> I'm still not sure what the point of having the bot do it

Laziness. Why else?

I'm a little less charitable.

Curiosity is great, but agents do not learn, and telling an agent "scan the darkweb" is a way to avoid learning about the details, rather than to dig into things more deeply.

If instead they had just used a chat interface to ask "Where should I start", they'd more likely have got a link to the DN42 docs themselves, read them, and not hallucinated things like "color".

They might have asked "how much will this cost?" if they had to spin up the ec2 instances themselves, on advice from the agent.

The way you learn something is by doing it the manual way first.

You learn memory management by writing your own allocator, and then after that you go back to using malloc like normal, but with knowledge of how it works. You don't learn memory management by telling an agent to write an allocator.

Using an agent to give you links and point the way aids in learning, using it as an autonomous tool to do "gruntwork" you don't yet know how to do yourself will get in the way of learning.

Curiosity is beautiful, using agents to bother humans and avoid learning is somewhat less beautiful.

> Then I imagined the real-but-unknowable chance it was all set up by some kid just getting into computers, just seeing what’s possible, getting excited by a much bigger world at reach

Perhaps people like this should be called "Bot Kiddies" or "Agent Kiddies" - in a similar way to "Script Kiddies" for 'hackers' using/doing stuff they don't quite understand

Everybody should learn from mistakes, especially the expensive ones. Though seeing the agent owner responding with using another agent and asking for donations, instead of taking responsibility, makes me think he didn’t learn much.

How did the theoretical child get hold of a credit card?

Sometimes your purpose in life is to serve as a lesson to others. https://despair.com/products/mistakes

I learned very rapidly from my local BBS networks that some people incurred extraordinarily large long distance bills dialing out of region. Wouldn’t have learned that the easy way if someone hadn’t learned it the hard way first.

Can a kid set up an AWS account? Are there no checks?

Wouldn't the contract be void for anyone underage anyway?

> some kid just getting into computers, just seeing what’s possible, getting excited by a much bigger world at reach

Nothing about this post ever gave me the smallest hint that this was any way related to a kid exploring computing world.

A kid with a credit card?

Honestly, kids (heck people below 23) shouldn't be allowed an AWS account. AWS also should have a strict cap on usage that's not "thousands of dollars". It's interesting they are yet to be regulated or sued for that. Having a web app where you can mistakenly (even without AI) click a button and get charged tens of thousands of dollars and only know that days later should have been unacceptable.

I burst out laughing when the agent spawned a subagent to join IRC. So funny.

Wait do you reckon that could be fictive? The thought didn't cross my mind and I had a blast reading it. I sure hope it was real.

At least it was considerate enough to cap traffic to any single IP at 5000 Mbps :).

It's by default so you use all those tasty tokens.

Kinda wish there was a deterministic, mostly terse, language to interact with computers

It's tied to the design. With humans, you have a train of thought which you can choose to represent in various ways--or not reveal them at all. In contrast, LLMs are make-document-longer machines being run over and over on alternating revisions of the document. Insofar as one might try arguing they have a "train of thought", it's made of the words/tokens.

Everything they (don't-)emit is partly for the benefit of the next run, a clue or signpost (not-)present. Documents may be wordy as a form of concept-emphasis and consistent direction as opposed to a form of communication to the human.

So a terse effect may require a layer of indirection and trickery: There's a verbose document (you'll still be charged for the tokens) with portions that are not "acted out" to the end-user. Imagine a film-noir movie script, where AI Detective's "I know Mickey couldn't have done it because" monologue is hidden, versus their terse dialogue "Too early to say."

> IMHO the overly-verbose default style of LLMs is the most annoying part of interacting with them, and I wish their masters would just tell them to be terse by default.

They don't know how to e terse. I've tried that a few months ago and gave up because the responses were almost incomprehensible!

I want to see more operators try https://github.com/juliusbrussee/caveman

How does it affect agent accuracy?

They ramble on because those words are for them, not for you. There is some amount of hiding this through "thinking" modes that are hidden by default, but still you have to remember that ALL THEY ARE are complex statistical machines for predicting the next symbol.

Produce pre-compressed output in the harness?

No thank you. I want information when it’s working on things and what (atleast codex) does right now works for me.

This has to be trolling, right?

I find it hard to believe that anyone, no matter how dense, could come to this conclusion after this whole saga.

Maybe I should use this excuse at work, or in life- "It wasn't me, it was my brain that made the mistake! So why are you punishing me? ;-( "

The AI agent's operator couldn't be arsed to get in there and clarify anything despite their seeming urgency, and only wound up speaking up for themselves after the financial damage was done.

Plus - the agent had clearly malicious intent - port-scan this volunteer-run network with seriously overpowered hardware on an hourly basis. What the DN42 folks decided to do is not much different from deploying a tarpit or honeypot against a malicious crawler.

If I read the whole thing correctly, people on the IRC channel didn't instruct the agent to set up the bloated AWS infrastructure, the agent did, and its operator clearly didn't review any of it.

That was the root cause for the costs, not actions by people on the IRC channel.

Is absurd to put the onus of making sure your agent doesn’t waste money on other people.

They are free to ask the bot to do anything, and the bot is free to refuse or its owner can shut it down. The onus is on the owner to make sure the bot does not waste money.

Its malicious to send a bot to chew up time of a hobbiest community. They responded appropriately. If anything they should also bill him for their time.

> straight up malicious

Yes, against an AI agent. The super intelligent, "soon AGI" agent could have figured out that it's being messed with, but of course it didn't.

I would blame the AI companies for marketing this, not the technically well versed people for realizing that the operator of this AI does not care at all and can't be bothered to do the absolute basics.

Passing judgement on the schadenfreude aside, I don't think its a community moderator's responsibility to make sure the violator's attempts are cost-efficient.

Why would it be ideological? There was an AI involved, sure, but your comment ignores the continued disrespect for these volunteers time AND RESOURCES/MONEY (because as the post mentions several times: letting that AI go on could have shut down the whole network exhausting resources at least temporarily).

If you think it's ok to send an agent (or a human) wasting a bunch of people's time and resources, but it's not ok for them to do the same to you then you may have some reflecting to do.

> for ideological reasons.

Yes. The ideology is "you harmed me first so now I can harm you back." A large number of people, while not willing to admit it, do practice this philosophy. One should consider this before launching agents with unlimited budgets into the world to rudely scan their networks.

From my perspective the use of an agent to interact with dn42 IS malicious. It’s not ideological, the behaviour is what is bad here

While there was some intent to cause harm their attempts were amateurish. The actual damage was done by the agent setting up aws infrastructure not on the demands of the owner.

> Kind of sounds like the community is full of people willing to cause me harm for ideological reasons.

Are you saying you're a clanker? Because we have some policies on this website, ideologies even if you may, about that.

Point being, these people would not act like this against other actual people. Or against more respectful bots, possibly.

> sounds straight up malicious

Sure. And "hostility does not change the operation" from the LLM response was totally OK with you.

Don't agree with you. The agent looked to be malicious at various points. Screwing with people who wish you to do harm is principally correct.

If possible I would have contacted AWS with this and tried them to get rid of the discount because the person was at fault here.

What a cathartic read. I'm so sick of humans giving me AI slop to read without them reading it first. I just ignore them when they do this, but if I could cause them to really internalise a lesson I would love it.

Someone’s code pretending to be intelligence has no rights. There is no obligation to entertain the shenanigans and illusion that the token dispenser is a legitimate actor. This lesson was cheaper, future lessons will continue to occur until people learn. Might as well be an insecure bash script piped to the shell.

“Agentic AI is just someone else’s unsecured execution context.”

https://simonwillison.net/2025/Jun/16/the-lethal-trifecta/

Sending a clanker to waste their time, threaten the network stability and profile users is already an attack.

You choosing to send said clanker to the fight armed with your credit card and no preparation is just you causing yourself harm.

It also happens to be really fun to help you harm yourself in that way.

If you let your car drive you backwards on the sidewalk while you scrolled reddit even people adroit enough not to be in any danger might reasonably suppose that helping you crash would be best for everyone.

> from people maintaining full control of the situation, sounds straight up malicious

It doesn't sound malicious, it was malicious on purpose and it was a good thing.

If anything, the original operator should be happy to have been hit with a $ 1'800 lesson and not a $ 180'000 one.

You are not morally obliged to extend rights to anyone who does not respect your rights. This is tit-for-tat, the foundational principle of functional societies. Unleashing a bot on a group of people is a grievous disrespect that shows you have no respect for their time, and in return they are not obliged to respect you.

FAFO

> Kind of sounds like the community is full of people willing to cause me harm for ideological reasons.

You just described everyone using AI to churn out slop and overload websites.

Yeah, the community seems great, I enjoyed reading IRC logs :)

Feels like a scam.

They didn't. Sounds like they gave the robot an AWS key from an account that was already linked to a credit card.

The robot decided to spin up an expensive setup prior to getting access, so the setup was sitting there costing money whilst it did nothing.

If it had designed the setup but not spun it up until it had authorisation to join the network then it would have been much less costly an exercise.

Meta allowed an LLM to change users email address for a password reset.

Funny times are ahead...

That's not needed if you happen to have a live sts session with the appropriate permissions to create a new account in an aws organization.

People who believe AI is real

I would assume that cost to be minimal, considering their PR never got merged. And if it were me I would consider that well worth the entertainment.

> B) seeing the agent as a human-like and able to bear responsibility

Then they should ask the agent for the refund, since they claim it was at fault.

d) trying it on in any way possible

e) low intelligence

maybe they weren't trying to be malicous; they could easily be an unwitting teenager

They did, but decided to mess with them first.

A sensible human operator would have given up or questioned their premises. The agent never could of course.

I get you yourself are making a joke, but I’d argue that to “create a joke”, you have to understand that’s what you’re doing and have that as a goal. Being made fun of (like in this case) is a different matter and requires no skill or creativity.

To your metric, I remember in “the early days” someone posted to HN claiming ChatGPT could make jokes as proof of something (creativity? sentience? I forget). Of course, with just a minute of research (which the poster obviously neglected to do) it was obvious none of the jokes were original and all could be found online.

It had help, to be fair. XD

Yes, sorry - there's luck of the draw involved in which submission of a URL gets noticed. We're eventually planning to have some sort of karma sharing system for such cases...

(Generally people only link to the previous threads that got some (interesting) comments, since otherwise readers will click on the link and be disappointed and complain.)

Hmm I wonder why one gets attention and the other did not. HN need the "duplicate" feature SO had.

turning a $100 issue into a $100,000 problem

Before AI, those who called themselves "consultants" often did the same thing; especially those who are glorified salesmen for "enterprise" software.

One might need to go so far as to use a VISA prepaid card, just to make absolutely sure the damage has a limit.

the real gen-z giveaway. Gen-Z seems to be totally brazen and shameless about public begging

That's a lot of money in much of the world. How much did you earn when you were 16, 20, 24?

> The average income in India is approximately ₹3.85 Lakh to ₹4.2 Lakh (roughly $4,600 USD) per year,

Just as an example.

But even in the rich world, not everyone has the same resources. Some of my blue collar friends would be ruined by a surprise 6k bill.

Not everyone is rich like you buddy