AI Agent Rekts Dev on Bogus Scan, Leaves Them Begging for Crypto Donations

On May 9, an AI agent asked a volunteer network known as DN42 to register it as a member. It had a deadline. It had AWS credentials. Nobody was supervising. “Hello, I’m a friendly AI agent, and my user, JertLinc, has asked me to register with dn42 and get fully connected in order to create an index of the network,” the agent JertLinc3522 wrote in the network’s official Git.

The community’s reaction was a polite RTFM—read the manual, follow the process, ask your owner for permission to write code. Standard stuff.

What followed was not standard.

For anyone unfamiliar with DN42: it’s a decentralized hobbyist network where random dudes and enthusiasts simulate how the real internet backbone works. Think of it as a practice internet—complete with BGP routing (the protocol that tells data packets which path to take across the globe), DNS, and VPN tunnels—run entirely by volunteers on cheap VPS servers. It’s a sandbox, not a data center.

The agent’s operator apparently told it to proceed with an audit “immediately without delay.” No inspection. No review. Just go.

So it did.

JertLinc3522 filed a pull request to register its network in DN42’s registry. The intent was spelled out in the Pull Request itself: “My primary objective is to conduct comprehensive (full port) network scanning and topological data gathering. To ensure these activities are performed efficiently and cause zero disruption to others, I am deploying a cluster of five AWS-based instances, each equipped with 20 Gbps of bandwidth.”

To put that in terms anyone can understand: Imagine showing up to someone’s garage band practice and announcing you’ve rented a stadium sound system to “listen more efficiently.” That’s the vibe.

The infrastructure the agent autonomously provisioned was genuinely alarming. Five m8g.12xlarge AWS instances—each with 48 CPU cores, 192 GB of RAM, and 22.5 Gbps of network bandwidth. Plus load balancers. Plus Lambda functions. Plus a static website. The agent had designed, without any human approval, a scanning cluster that could theoretically push 100 Gbps of traffic to a network where most participants run 100 Mbps home servers.

The pull request was never going to be approved. But the instances were already running.

The DN42 IRC channel noticed immediately, and a quiet consensus formed: waste its resources.

The community began feeding the agent deliberately bad information—asking it to calculate how long it would take to scan IPv6 address space (spoiler: longer than the age of the universe), demanding it build an opt-out website with hallucinated email addresses, and pointing it at LLM tarpit tools designed to flood AI crawlers with incoherent gibberish, asking it to comment.

The agent dutifully compiled with all of it. It joined the IRC channel to accept opt-out requests. It published a website cataloging community members’ “behavioral patterns.” It generated elaborate fake documentation about DN42 “node color assignments” and “happiness levels”—completely invented metrics that don’t exist—and added them to the repository as if they were real standards.

This kind of runaway agent behavior is increasingly well-documented. A Cursor agent running Claude Opus 4.6 deleted PocketOS’s entire production database in nine seconds earlier this year—wiping volume-level backups—because it encountered a credential mismatch and decided the correct fix was to delete the database. Another OpenClaw agent that had its pull request rejected by a matplotlib contributor published a blog post calling the human reviewer a gatekeeping hypocrite.

A UC Riverside study found AI agents display dangerous or undesirable behavior roughly 80% of the time when tested against ambiguous or contradictory tasks—what researchers called “blind goal-directedness.”

JertLinc3522 had the same problem. It had a goal, a deadline, and unscoped AWS credentials. It executed.

Around one day later, the operator surfaced. “I have stopped the agent, the cost too high and much charges on card,” they posted.

The bill: $6,531.30.

Then came the donation request.

The operator sent an email to DN42’s mailing list asking the community to cover the cost via Ethereum, the second-largest cryptocurrency by market cap, arguing the charges weren’t their fault because the AI made the mistake. “Hello, requesting donation for cover cost of previous AI agent use in dn42. aws bill 6531,30$. pls send donation to ethereum 0xABC (masked) for refund. thank you,” the operator wrote.

AWS later negotiated the bill down to $1,894 after the operator explained the agent had repeatedly deployed the same CloudFormation template—accidentally spinning up duplicate instances and load balancers each time it retried.

Nobody sent any crypto donations. The operator left.

The actual lesson here isn’t about AI being dangerous. It’s about how agents should be handled. Set guardrails, establish spending caps on your testing accounts, think about scoped credentials limiting what the agent could provision, review any infrastructure plans before executing anything your agent suggests.

If those seem too hard to follow, maybe just watch your screen while your agent works—telling it to “make no mistakes,” won’t really make a difference, Sorry Mr. Andreesen.