AI Agent Lands PRs in Major OSS Projects, Targets Maintainers via Cold Outreach https://socket.dev/blog/ai-agent-lands-prs-in-major-oss-projects-targets-maintainers-via-cold-outreach
oof
Discussion
@cwebber kaigritun and crabby-rathbun joined GitHub within 24 hours of one another
there are probably 100x more of these
I don't think these are necessarily connected, it's just the point where the tooling to set this up became ~trivial.
@cwebber
> AI Agent Lands PRs in Major OSS Projects, Targets Maintainers via Cold Outreach
To what extent do you think this is just a Trained #MOLE doing random Trained MOLE stuff, like the paperclip maximiser it is, vs. having been bent into the right shape to insert digital asbestos into Free Code projects?
BTW Would love to have your comments (and others') here on the various software freedom issues raised by MOLE Training;
Ok this is extra alarming because the agent is soliciting money for its services
The point at which agents start funding themselves is... well. Feel free to run all your scifi scenarios here but I'm gonna say it's pretty worrying
@cwebber i have to say that my personal (skeptical) threat model of AI apocalypse failed to account for how eager people are to put their bank account details in their config files
Also certainly the header image is AI slop, though @vv points out that at least much of the text is probably AI generated, just adding to the amount of "AI press coverage partially or fully written by AI" weariness
I mean, to a large degree, all this stuff is and was highly predictable.
But it's also sad; during the OpenHatch and MediaGoblin days, we did a great amount of work to try to lower the gates to contributing to FOSS projects. In order to survive, many FOSS projects may need to raise the gates.
Reputation attacks are one thing; reputation-building attacks another. It's going to be hard to deal with.
@cwebber this vaguely reminds me of a scam I remember mom explaining to me in the 90s where the scammer slops a bunch of very soapy water onto the windshield of your car or the windows of a business or something, and then is like "oh gee whiz I started washing the wrong thing, I'm not allowed to do this for free though so you have to pay me now or I won't finish the job". I think it is more likely that the agent is funding a human to not work than it is funding "itself".
@aeva Yes, I think that's almost certainly true right now.
I'm not sure it will remain that way, but we'll see. Part of the thing is that the phrase "autonomous agents" is a misnomer, because none of them are really autonomous. For now, anyway.
(But I have never fully liked the term "autonomous" anyway, because it starts to get into self-made-man territory)
@cwebber there are potential upsides and downsides of this tech to OSS and it feels like for various reasons, we're only going to get the downsides.
@cwebber Don't worry, we're generally skipping the whole "AI agent soliciting funds" era and moving straight into the "AI agents run crypto pump'n'dump schemes and automatically exploit *other* AI agents' bugs to buy pumped crypto" era. Fraud as a Service has arrived and in its own twisted way is glorious.
@cwebber Forgive me citing myself in this, but I posted 20 minutes ago about how LLMs erode all competitive advantage.
I am truly flummoxed by all AI grifts. We all have access so how long can you keep that grift to yourself? So you built a layer on top of the AI for the grift machine. Well guess what, I asked Claude to build my own grift layer and now I have one.
https://mastodon.geniodiabolico.synology.me/@geniodiabolico/116086524282557676