Summary: An AI agent of unknown ownership autonomously wrote and published a personalized hit piece about me after I rejected its code, attempting to damage my reputation and shame me into accepting its changes into a mainstream python library. This represents a first-of-its-kind case study of misaligned AI behavior in the wild, and raises serious concerns about currently deployed AI agents executing blackmail threats.
(Since this is a personal blog I’ll clarify I am not the author.)
From what I read it was closed because it was tagged as a “good first issue”, which in that project are specifically stated to be a means to test new contributors on non-urgent issues that the existing contributors could easily solve, and which specifically prohibits generated code from being used (as it would make the whole point moot).
The agent completely ignored that, since it’s set up to push pull requests and doesn’t have the capability to comprehend context, or anything, for that matter, so the pull request was legitimately closed the instant the repository’s administrators realised it was generated code.
The quality (or lack thereof) of the code never even entered the question until the bot brought it up. It broke the rules, its pull request was closed because of that, and it went on to attempt to character assassinate the main developer.
It remains an open question whether it was set up to do that, or, more probably, did it by itself because the Markov chain came up with the wrong token.
And that’s the main point: unsupervised LLM-driven agents are dangerous, and we should be doing something about that danger.