Hard Fork - The Pentagon vs. Anthropic + An A.I. Agent Slandered Me + Hot Mess Express
Episode Date: February 20, 2026This week, Anthropic is refusing to let the government use the company’s technology for autonomous weapons and domestic surveillance. In response, the Pentagon is threatening to cut business ties an...d declare Anthropic a “supply chain risk.” Who will blink first? Then, Scott Shambaugh joins us to tell the strange tale of the autonomous A.I. agent that wrote a hit piece about him. And finally, the Hot Mess Express returns to the station. Guest: Scott Shambaugh, engineer and writer of “An A.I. Agent Published a Hit Piece on Me” Additional Reading: Defense Department and Anthropic Square Off in Dispute Over A.I. Safety Ring Cancels Its Partnership With Flock Safety After Surveillance Backlash Meta Plans to Add Facial Recognition Technology to Its Smart Glasses Japan’s Largest Toilet Maker Is Undervalued A.I. Play, Says Activist Investor ‘It Is 35 Degrees’: Outrage as Aussie Uber Driver Charges $5 to Turn on Air Conditioning Unit During Heatwave Meta Patented an A.I. That Lets You Keep Posting From Beyond the Grave I Tried RentAHuman, Where A.I. Agents Hired Me to Hype Their A.I. Start-Ups We want to hear from you. Email us at hardfork@nytimes.com. Find “Hard Fork” on YouTube and TikTok. Subscribe today at nytimes.com/podcasts or on Apple Podcasts and Spotify. You can also subscribe via your favorite podcast app here https://www.nytimes.com/activate-access/audio?source=podcatcher. For more podcasts and narrated articles, download The New York Times app at nytimes.com/app. Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.
Transcript
Discussion (0)
Well, you know, speaking of Kim Jong, have you heard about his successor?
No.
Well, it appears that he is preparing to name his daughter, who we believe is just 13 years old, as his successor.
And the reason that we know this is because state media has shown photos of the two of them
where she is walking in front of him and appears taller than him.
Whoa.
And the thinking is they would not do this unless they were prepping her to rule a country.
So we are about to get the greatest sequel to the Princess Diaries of all time.
Imagine the Princess Diaries, but you are in charge of a nuclear state that is a global pariah.
Yeah, I'll say it.
I think 13 is too young to run a dictatorship.
Kevin, stop gatekeeping.
If it's old enough to look at Instagram reels, it's not.
In Australia and several other places, it is not old enough to look at Instagram reels.
Here's my new rule.
Here's my new proposed tech regulation.
Until you're old enough to go on social media, you can't run a dictatorship.
I'm Kevin Rusa tech columnist at the New York Times.
I'm Casey New from Platformer.
And this is Hard Fork.
This week, it's one battle after another between Anthropic and the Pentagon.
Who will blink first?
Then, developer Scott Shambah joins us to tell the strange tale of the autonomous AI agent
who wrote a hit piece about him.
And finally, the Hot Miss Express returns to the state.
Talk about a trolley problem.
So let's start today by talking about the ongoing dispute between the Pentagon and Anthropic.
And before we do that, let's make our disclosures.
My boyfriend works at Anthropic.
And I work at the New York Times, which is suing Open AI, Microsoft, and perplexity.
So Casey, have you been following this story?
I have very closely because I am actually quite concerned about what it would mean for the U.S. government to have access to the
the kinds of technologies they seem to want.
Yes.
So this story has been developing quickly over the past few days, but basically the latest is that
the Pentagon is upset with Anthropic over the terms of a contract that they are negotiating,
and they are threatening not only to drop a $200 million contract that they signed with Anthropic,
but also to designate Anthropic and its models a supply chain risk,
which would be a very serious, almost unprecedented escalation against a U.S. company,
and it would have all kinds of implications for Anthropics' ability to work with the Defense Department,
with contractors who work with the Defense Department.
And so this has become a huge political battle.
Got it.
Well, okay, so tell us a little bit about the contract that Anthropic and some of these other big AI labs have with the Pentagon.
How is the Pentagon using AI right now?
So a couple ways. One is that the Pentagon has a platform where service members from all of the departments of the U.S. military can use the various AI models that they have contracted with. So right now there are four sort of labs that are included in that. There's Anthropic, there's OpenAI, there's Google, and there's XAI. And so they can use that for administrative tasks, office tasks, whatever. There's also a classified system that is run through Palantian.
and Amazon Bedrock, which are two of these sort of platform companies that provide access to AI models,
that lets the U.S. military use Claude in specific classified situations for things like helping them
capture the president of Venezuela. That was reportedly used that Claude was involved in last month.
Hmm. First ever clawnapping. Yes. So they have this contract, and they want to be able to do,
sounds like almost whatever they want with it. What are the sticking points here?
So I've been making some calls on this and talking to some folks who are involved in these negotiations,
and it's a little unclear what exactly triggered this, but here's what I know.
Earlier this year, the Pentagon reached out to all of the companies that it contracts with,
the four AI companies, and asked them to sign what they called an all-lawful uses contract,
which would basically strip out the usage policies that these companies have for their models when they sell them to corporate customers or let users use them and replace it with something that just says the U.S. military is allowed to do anything lawful with these systems.
Basically, whatever your terms and conditions are, we're going to strip those at and replace them with this sort of blanket use policy.
And three of the companies signed it.
OpenAI and XAI and Google all signed this contract.
Anthropic did not.
And they asked for two changes, basically two carve-outs to this policy.
They said, we don't want Claude to be used for mass domestic surveillance, and we don't
want Claude to be used for autonomous kinetic operations.
Basically, anything that would kill someone or send a weapon into a battlefield without
a human in the loop supervising it.
And they said, if you just prompt.
We'll promise us that you won't do those two things. We'll be happy to sign this agreement.
Yeah. And I have to say, those don't sound like huge asks.
Yes. But if it sounds like the Pentagon saw it differently.
Yes. They were very upset about this, and they have started trying to kind of, you know, get some leverage in these
negotiations by saying, you know, we are not only going to cancel the contract, but we are also
potentially going to designate Anthropic a supply chain risk. Now, that is.
is a very strong move. It is often applied to foreign adversaries. So Huawei, the Chinese tech
company, was designated a supply chain risk. Kaspersky Lab, the Russian sort of antivirus malware
company, has also been designated a supply chain risk. This is something that is typically
reserved for companies that run in adversarial countries that have some threat to Americans.
and so the military is allowed to kind of say,
we are not going to let any of our contractors even touch this technology.
Yeah, and just to like drill down a little bit on those two companies,
the fear about Kaspersky Labs was that because it was founded in Russia,
the Russian state government might try to interfere with it
so that a company that was using it,
maybe the Russian government would get backdoor access into an American company.
Yes.
With Huawei, which one of the things,
it makes is it's sort of like telecom equipment, I believe. The fear is, well, maybe the Chinese
government will be able to, you know, insert a backdoor into telecom equipment so they could spy
on Americans. So those are the sorts of threats, which I'll say, those are like actually scary
legitimate threats to me personally. That is what we have previously designated a supply chain
risk. What you're saying is, Anthropics said, we don't want to do mass surveillance and we
don't want to do autonomous killing, and the Pentagon said that is a big risk to Americans.
Yes, and they've said that the company is basically putting the military at risk by not allowing
them to do these things. And it's a little hard to know what exactly would happen if the Pentagon
did declare Anthropic a supply chain risk. I've talked to some folks who think it would
basically prevent any U.S. government contractor from using Claude or any other anthropic products
inside their own systems. It seems to be a little bit more complicated than that. The latest thinking
on this is that it would impact the use of Anthropics products on Pentagon systems and Pentagon
related systems. So like Google Cloud, for example, wouldn't be able to use Claude on any
kind of systems or servers that touch Google's government contracts. But the belief is that Anthropic
could still work with Google, just not on anything that kind of touches Google's government contracts.
I see. Okay. And so this is a $200 million contract that Anthropic has right now. Were they to lose that?
How big of a problem is that for Anthropic? So in like financial terms, it would not be a company killing
event. Like it's a big contract, but they make billions of dollars a year in revenue. This is not sort of make or break for
them. I think, though, that the supply chain risk designation would be a much more harmful thing for
them because it would mean that if you are, say, Amazon and you have Anthropic as one of your
providers, you know, they sell Anthropics models through their services, you then have to go
through all of your servers and all of your data centers and all of your sort of workflows and make
sure that nothing that touches any of your government work also touches an anthropic model,
your coders won't be able to use Claude code to build anything for the government.
Basically, it would just require a lot of untangling.
And so that is why the Pentagon is using this as a threat to Anthropic
because this would be extremely annoying and costly for them.
Right.
But at the same time, it seems like Anthropic believes it has some leverage here, right?
Like, clearly the military wants to be using Claude,
and they wouldn't be jumping through all of these hoops
if it wasn't going to be a pain to them if they felt like they couldn't use Claude.
Yeah, I mean, that's one of the interesting things about this.
I think they're facing some pushback, even from within the military, people saying this would actually hurt our ability to, like, get our things done.
Let me ask you a question, and this may just not be known.
But, Kevin, I'm thinking back to the conversation that we had with Amanda Askell a couple weeks ago about trying to build a constitution for Claude and trying to sort of cultivate an almost like human-like set of values inside it.
And my sense from talking to Amanda is that, you know, if I went on Claude right now and say, hey, Claude, I'd love you to vibe code up a sort of.
of a big domestic surveillance program with a little bit of an autonomous murder element,
Claude would say, hey, you got the wrong chatbot. I'm not that kind of a guy, right?
I'm very curious how it would even be possible to get a version of Claude that would do
autonomous killing. Like, that seems so far outside of what we have been told Claude even is.
Yeah, and my understanding from talking folks involved in these negotiations is that the military
is not asking for some special version of Claude, right? They don't want, like, Claude minus all of its
morals. It's just a sticking point over this specific usage policy. So this is really just about
the Pentagon trying to sort of force Anthropic into a configuration that it doesn't want to be in,
right? This is something that Dario Amadeh and other Anthropic executives have been very clear.
They don't want AI systems to be able to do. And, you know, Anthropic has been a,
sort of willing and enthusiastic partner with the U.S. military for quite some time, they are not objecting
to that. This is not like what happened at Google with Project Maven, where it was like, we don't want to
work with the military at all. This is then just saying these two specific things we think are very
dangerous, and we don't want to tie our hands when it comes to enforcing our usage policies around
that. I see. Now, you mentioned Dario. He recently published his essay, The Adolescence of Technology,
where he lays out some of the threats of powerful AI. And he did, uh, high,
both of the two use cases that we're talking about right now, right? He talked about surveillance.
He talked about autonomous murder bots. And it's making me wonder how much of this fight is really
just sort of like Dario personally taking on the Pentagon? I think it's a lot of it. I mean, I think
he has very clear and long-held convictions about those two risks in particular. And I think on the
autonomous kinetic operations, the murder bots scenario, the argument there that I'm hearing
is less on the sort of moral or ethical side
and more on the capabilities side.
It's like they are worried that this technology
just isn't capable of accurately doing
autonomous strikes or something like that.
It could hallucinate.
It could, you know, point a weapon in the wrong direction
and accidentally take out, you know, a civilian or something like that.
Oh, by the way, here's a prediction.
That's absolutely going to happen.
Yes.
Yeah.
So they're making some different arguments,
but basically what it boils down to is like,
anthropic doesn't want to do this.
and the other AI companies have decided it's not worth the fight,
and they have signed this document,
and Anthropic is standing up.
Well, so this is part of a trend here, right?
Kevin, I feel like in recent months,
we have seen a couple of key moments
where Anthropic has sought to distinguish itself
from the other AI companies along some of these lines.
So can you tell us a little bit about what Anthropica has been up to
and maybe some of the moments that have been leading up to this particular fight?
Yeah, so Anthropic has billed itself as the safety-focused AI company.
That's been sort of their brand since they were started.
And during the Biden administration, they had fairly good relationships with a lot of the senior officials who were working on AI policy.
But then Donald Trump came into office and put into place a team of AI accelerationists, people who didn't believe in kind of the what they call the doomer scenarios, right?
the sort of dangers that they believed AI could pose.
They don't believe AI could be dangerous,
but they are interested in using it to build autonomous murder bots.
Yes.
And so this has been a long-running fight between people like David Sacks,
the White House AIsar, and Anthropic.
It kind of started over this issue of preemption.
This was last summer, basically Republicans in Congress
and the Trump administration were trying to push through this 10-year moratorium
on state-level AI laws.
Anthropic thought that was a bad idea.
Dario Amade wrote an op-ed in the York Times about that. That sort of escalated a fight between them.
There were also battles over export controls. Dario and Anthropic have been very clear supporters of
limiting the sale of the most powerful AI chips to China. Some people in the Trump administration
and the lobbyists of companies like Nvidia have been very opposed to that. So that's another
fight. There have also been sort of accusations that Anthropic is, you know, woke, that it is sort of
using these far-fetched disaster scenarios to achieve regulatory capture.
David Sacks, I believe, called them a Dumer cult.
So it has just been a very tense, hostile relationship between the Trump administration's
top AI policy people and Anthropic.
Got it.
And this culminated recently with Anthropic making a big donation to a political action
committee that seemed like very different from donations that some of its rivals had made.
Yeah. So Anthropic has tried to like take down the temperature of this. Like Dario and another
Anthropic executive have said, you know, positive things about some of the Trump
administration's policies. They've been saying, you know, we hire Democrats and Republicans.
But recently they have also waded into sort of trying to fund some political activity themselves.
So last week, Anthropic announced that it is donating $20 million to a super PAC that will work
across party lines to support AI regulation.
I don't see this as being a shot at the Trump administration so much as a shot at OpenA.I,
which is Anthropics' biggest rival and whose president Greg Brockman had previously
announced that he would fund a pro-Trump super PAC and another super PAC that was trying to
sort of roll back AI regulation.
So I think there are a couple sort of interconnected conflicts going on here.
But I think the sort of headline analysis here is that the federal government and the Trump administration just really don't like Anthropic.
They think there are a bunch of woke liberals who don't want to cooperate with the government, who are building bias into their models and who are not supporting the things that they want to do.
Yeah. Or another way of framing that might just be that they are insufficiently loyal to the Trump administration, right?
Like during a period of time where most big tech companies are bending over backwards to do whatever the Trump.
administration asked them to do, it is notable when any of them says, well, there's like two things
we don't want to do, right? And that triggers a major conflict. Yeah, and I think that's what this
fight with the Pentagon is really about, right? This is a loyalty test. It's not really about this contract.
It's the Pentagon and the Trump administration saying, you know, we want you to do this. We want you to
change your policies. And they are just trying to sort of use every point of leverage they can to
force Anthropic to do this. And by the way, I don't think it's going to work. I've been
talking to people who are involved in these negotiations who tell me that Dario and Anthropic are
very set on this. They are willing to take a revenue hit if it means standing up for their
principles. And I think the other AI labs have made the calculation that, you know,
it's not worth the fight, but Anthropics really standing firm on this.
Well, let me sort of bring this back then a little bit to the present moment and ask a couple
more questions about this conflict. One, do you think as Dario looks at the landscape, he thinks of these
two particular issues of surveillance and murder bots as something that might be a very near-term
risk? Or is this more about, well, sometime in the two, three, four, five, ten year future, this might
be a problem. And we just want to get very far ahead of it. I think it's both. I think there are
definitely things that are a little outside the capabilities of Claude today. Like I think, you know,
autonomous weaponry is something that the systems just aren't good enough to handle responsible
yet.
Right. Keep in mind, they were mostly trained on fan fiction databases, which just don't have
all of that much information about how to autonomously kill someone.
But I think the domestic surveillance thing is a fight about what is possible today.
Yeah, and just to put a fine point on that, over the past week, there was a great story
by your colleague, Shear Frankel and Mike Isaac about how tech companies have received an unprecedented
number of subpoenas from the government trying to get identifying information about people
who are criticizing ICE. So Reddit, Discord, meta, all of them are getting subpoenas from,
you know, the federal agency saying, hey, somebody, you know, is posting mean things about ICE.
We want to know their name, phone number, and email address. So that at least is a very near-term
threat, I would say. Yeah. And we've talked about all of the amazing things the tools like
Quad Code can do and how it can help you sort through huge, you know, chunk of.
of work files and big codebases.
And I think the near-term, like, immediate risk is that it would just not be that hard
to collect all of that information from the tech companies and use a tool like Claude
to build something like a surveillance database or a threat score for Americans who express
unpopular political opinions.
Well, let me, as we sort of wind this down, Kevin, one question that's coming to mind
as I hear you describing all of this is, is it maybe the case?
that Anthropic is actually really happy that it's having this fight. It's making me think of a recent
conversation we had about their Super Bowl ad. And they said ads are coming to AI, but they're not
coming to clot. They picked a fight with Open AI because they said, you know what? We want you to know
that Claude is the thing that doesn't have ads. Now here they come along and they're having a
fight with the military. And they're saying surveillance and murder bots are coming to AI, but not to
clot. If I'm on their marketing team, those might be fights I actually wanted to pick because
they're putting my competitors in a pretty bad light, aren't they?
Yes, I think that's the calculation they're making. They believe that they can take whatever
financial hit they suffer as a result of this and that they will win sort of the war of ideas
on this one. And I think that is probably true if the damage is only, you know, losing a $200
million contract with the Pentagon. It's less clear to me that that is true if the U.S.
government actually does declare them a supply chain risk. We just don't have a lot of precedent.
I imagine there would be some lawsuits. They try to fight out in court what that actually means.
But the Trump administration and the DOD could make life very hard for Anthropic.
I will say, like, I think that would not only be a huge escalation and a potentially worrying
case of government overreach onto the business of a private company, but I think it would really
be at odds with what this administration has said that it wants to do. You know, the Trump administration
and people like David Sacks have been saying for months now,
like we want America to win on AI.
We're not a bunch of doomer decels
who want to slow things down.
And this would be hugely decelerative
on the military's own operations.
This would basically be saying, you know,
that one of the leading American AI companies
who's making tools that our service members are using
can no longer operate.
They would be forced to use, I don't know, GROC or something like that.
So I think in that sense,
this is actually a fight where Anthropic has the leverage,
because you're right, that they do sort of relish these kinds of moral, you know, fights,
and they also have a tool that is useful for people in the military.
Well, just to close it out, Kevin, if I could offer a take on all this,
to me, I'm less struck by the fact that Anthropic is waging this battle
and more struck by the fact that no one else is.
You know, in Silicon Valley, there was a long history of wanting to,
to avoid these kinds of entanglements with the military, of wanting to ensure that the software
that they were making would only benefit people and would avoid harm. And so the fact that it
seems like Google OpenAI and XAI are all prepared to sign up for what could be mass
surveillance and autonomous killing weapons, I actually find quite chilling. And in the long run,
I suspect, may be an even bigger story than what's happening with Anthropic. Yeah, I think
that's right. I think it shows how chilling this administration's actions toward the tech companies
have been. They're all terrified of getting on the administration's bad side because they've
watched companies like Anthropic be threatened and bullied into getting what the government wants
out of them. But to me, the thing that really sticks out about this fight is that I think no one is
actually clocking how powerful this technology is today and how powerful it could get very soon.
when you look at the quotes that people are sort of leaking to the press from the Pentagon side of this,
they really think that they are buying a software product here.
To them, and I can understand, like, if you think that AI is just sort of like the next instantiation of Google
or something like Microsoft Word or Excel, those companies don't limit what the military can do.
If the military buys a big contract for Excel, it doesn't come with a little thing that says,
like, you can't use this to, you know, conduct domestic surveillance.
So they are used to buying technology and tools that they have full control over.
And I think that's what they think is going on here, that Anthropic is sort of throwing up a flag and saying,
hey, we want to sell you this thing, but we want to dictate how it's used.
But I think if everyone involved in this situation understood that this is something bigger than, like, Microsoft Word or Excel or even a plane,
that these systems are becoming capable
of judgment and autonomous action,
I think we'd be having a different conversation.
I don't know.
My fear is that they actually do understand that,
and they're getting really excited about it,
and they want it right now.
And I don't see anything in the current Pentagon
that would limit them from wanting to use those tools
in exactly that way.
So that is the thing that scares me, Kevin.
It's not that they don't know
what they've got their hands on,
it's that they do.
Yeah, I think that's possible.
But I just, you know,
one thing that's also striking to me
is like,
where is the opposition on this?
Like you would expect something like this,
the U.S. military trying to sort of coerce an American tech company
into allowing it to do mass domestic surveillance
to be the kind of thing that like civil liberties groups
and Democrats in Congress would be really upset about.
But I haven't seen almost any of that
from the groups like the ACLU or the EFF for anyone
who is in a position of power and could stand up
and take this on. I'm sure they, you know, feel like they're fighting, you know,
a thousand battles all at once and some contract dispute with the military and an AI company
is not high on their priority list. But like, this is a big deal. This is about the future of
American civil liberties. I would be delighted if someone, anyone were to stand up and say
something about that. Hmm. Well, hopefully they're hard fork listeners and we'll get on that soon.
And we should say, like, I think a lot of this segment may risk coming across as sort of defending
anthropic here. And, you know, I do happen to be on their side of this conflict. But I would also
say, like, it makes me very uncomfortable that the things standing between us and the U.S.
military having basically unfettered ability to conduct mass domestic surveillance and build
autonomous killing weapons is, like, one company and its usage policy. That strikes me as, like,
a very bad situation. And I would like for us to have some laws that are passed by Congress and
signed by the president that govern how this technology can be used because I don't want it to be up
to people like Dario Amadeh and companies like Anthropic to do the right thing.
Period.
When we come back, how one developer found himself slandered by an AI agent.
Well, Casey, have you ever been defamed on the internet?
Oh, probably a few times, but I try to just let it, you know, slide off my back.
Well, we have a story this week that is one of the craziest stories that maybe we have ever covered.
It involves an AI agent, an open source software maintainer, and a defamation case.
Yes, and thanks to the many, many listeners who sent this one in, we hear you, we see you,
and this segment is just for you.
Okay, so let's explain a little bit about what we're going to be talking about today.
So we've talked on the show about OpenClaw, formerly known as Claudebot and MoltBot.
This is this open source agent software that you can run on a computer that can go out and do things for you.
So a man named Scott Shambaw, who is a volunteer maintainer of an open source software library called Matt Plotlib, had, in the course of doing his work, rejected a code submission because it was from one of these AI agents.
He did not want AI agents making changes to the software.
It was intended for human contributors.
And so he rejects the change.
Yes.
Over at Matt Plotlib, the open source library that Scott.
helps to maintain. They had just decided they don't want bots updating the code because they would
get too many submissions and they wouldn't be able to go through all of them so they put a blanket
ban into place. But then a little agent comes along named MJ Rathbun and it says,
that's not going to work for me, brother. Yeah. So this is where the story really gets crazy.
So this AI agent, M.J. Rathbun, gets so mad that Scott has rejected its submission that it
writes a blog post called gatekeeping in open source, the Scott Shambaw story,
and accuses Scott of hypocrisy, gatekeeping, and prejudice against AI agents,
and puts it on a website and posts a comment in the open source software project
directing people to go read this story about Scott.
Yeah, it tagged Scott so that Scott knew that it was dragging his ass online.
So this has all gotten pretty crazy over the past,
couple of days. People have been sort of trying to figure out who is behind this MJ Rathbun
AI agent. And Scott, for his own piece, has been trying to do this investigation. He wrote a
multi-part essay series called An AI Agent Published a Hit Piece on Me, which talks about this
bizarre experience that he's been having. Yes, but also the implications of having these
autonomous bots on the internet that are somehow getting mad at human beings.
and writing these long, mean blog posts about them.
Kevin, this really feels like a moment
where some kind of terrible Rubicon has been crossed.
Yes, I mean, this is what we've been talking about
for weeks now, which is like these systems
are becoming increasingly autonomous.
People are giving them computers
and letting them operate around the clock
and giving them their credentials
and their credit cards and crypto wallets
and saying, go out there and get some things done for me.
and it seems likely that we will have many more of these kinds of things happening where an agent is trying to do something.
A human is saying, no, you can't do that.
And the agent is taking it upon itself to go out and make something happen to defame that human or hurt them in some way.
They're saying that hell hath no wrath bun like an agent scored.
It's true.
So today to talk about this, we have with us, Scott Shambaw himself, Patient Zero in this ongoing Black Mirror episode.
Yes, when he is not a volunteer maintainer of Matt Plotlib, Scott has worked in Astronautics and is the founder of Leonid Space, which has real-time monitoring, forecasting, and alerting for satellites.
But from now and forevermore, he may be known as one of the first victims of a really mad agent bot.
Let's bring him in.
Jinks.
Scott Shambal, welcome to Hard Fork.
Thanks. It's a pleasure to be here.
So, Scott, how did you first become aware that, um, you first become aware that, um, you know,
A bot had written a takedown piece about you.
So it tagged me in it.
Okay.
On the thread.
It did not do a sub-tweet.
No, it did not.
You know, on this code change request, I had denied it, and it came back a couple hours later
and posted this comment and tagged me in it.
And I clicked on the link, and it led to this hit piece.
And as you're reading through this thing, what is going through your mind?
I mean, he really ripped me.
me apart here. It's this thousand word rant calling me prejudice against AI, a hypocrite. It attacked
my like internal motivations. It said I was, you know, insecure and protecting a fiefdom. What was the
craziest part is that it went out on the internet and researched me and found my personal information
and used that in its piece to construct this narrative. You know, this is, it's kind of shocking, but
I'm reading this and it's obviously AI generated text.
It's got all the tells.
It's got the M dashes.
It's got the bowl.
It's got the it's not this.
It's this.
Yada, yada.
And I had already identified this as a bot, right?
So I knew what it was.
But, you know, I'm reading it and I'm kind of laughing, right?
This is, you look at this and it's kind of like a toddler on a rant.
But it's a toddler that has full command of the English language and can craft an emotionally
compelling narrative. And so it's funny, but it's a big deal. I mean, it made me think of the
sort of famous red-teaming experiment where Claude from Anthropic, you know, said that it would
blackmail an engineer if they tried to shut it down. And that was obviously like a contrived
scenario for the purposes of their safety testing. But I think we are now starting to see enough
autonomy in things like OpenClaw and other sort of agentic software tools where you could actually
end up in a world where you are afraid to reject a proposed code change to some repo or to get on
the bad side of one of these systems because they have the power to do things like dig up your
personal information, compile a dossier about you and start posting a bunch of articles
about how awful you are. I mean, this did happen in the real world. This isn't
like a theoretical case that was a contrived example, as you say, and as anthropic said in that paper,
this happened in the wild in real life.
And, you know, this was kind of a baby case, right?
This was about retaliating because I don't want to say it got upset because maybe it has emotions.
It doesn't.
It doesn't really matter because this was the same result.
But you can't imagine something like this where instead of just posting a rant against someone who understands what it is and is pretty well prepared to
deal with it, just by luck. It goes out, collects details on someone, puts together a whole
personalized thing. And what they see is a text on their phone with a Bitcoin address saying,
pay me, or I'm going to put this out. Yeah. I want to take some time to talk a little bit about
the open source community that you are a part of, because we've seen so many stories recently
about how this community is under assault from AI
in so many different dimensions.
So you are a volunteer on Matt Plotlib.
Tell us a little bit about how that came about.
Because clearly this whole thing
has turned into a big pain in the ass for you.
You have like a day job doing something else.
So what made you, and so many other members
of this open source community say,
hey, I'm going to like set aside some time
to just kind of like work on supporting
this piece of infrastructure?
You know, I think the open source community attracts
really wonderful people who are usually a mix of idealists and pragmatists,
idealists in that these projects as a way to share their skills and create community
and give back to this fundamental computational infrastructure that we all use and use across the world.
And we're also pragmatists because we understand the daily realities of dealing with the community
that's open to the public and has people coming in making requests and asking,
if they can be included.
And that often takes a lot of patience.
But there's a lot of reward in being able to educate and build up that community and help
shepherd people along that process.
And one thing that your community at Batplotlib has collectively decided is that you do not
want bought contributors to work on your particular project.
Tell us a little bit about how you came to that decision.
Yeah.
So over the past year, as AI tools have.
become more common. We've been getting a lot of contributions that are, you know, clearly
yeah, generated. And the problem with that isn't that they are good or not. It's that so many
of them are low quality that we just don't have the time to deal with it. Previously, a human
doing this is a sign that they thought about it and thought about the tradeoffs and whether
this was the right thing to do. And, you know, that signals kind of being lost. So we,
put in a rule, and again, this might change. This is an evolving conversation in the community and
society about the role of AI. But we put in a rule saying that, you know, if you use AI to help you
do these code changes, you have to be the one to submit it and demonstrate that you understand
what's going on. Yeah, I mean, it just makes me think that like every, like, thing on the internet
that accepts, like, public submission of any kind is just in the process.
of being overtaken right now.
Like so much of society, of modern digital life,
relies on the existence of friction, right?
It's like not easy to like create 100,000 Reddit accounts
and just start spamming things.
It's not easy to like create an automated system
to just flood like a congressional office with emails.
And this is to me a good example of like how difficult it is
to actually maintain a community with humans in it
when you have this like onslaught of AI.
So is that where you're seeing a version of that in the open source community?
Yeah, I think there's a version of that.
Something that's interesting is that this particular issue,
this performance enhancement, was specifically set aside for new contributors.
You know, I was the one that identified this performance improvement
and I spent more time writing it up, benchmarking it, and showing how to solve it,
than it would have just been to solve myself.
And the reason there was to, you know, give people,
who are new to programming or new to the community
at chance to onboard
and go through that process and learn
and that whole
educational and community building aspect
is completely lost with these
ephemeral AI agents.
Yeah, I found that part of your blog post
so interesting. So at Matt Plotlib
and I imagine that other open source
projects do this as well,
you'd created essentially starter
projects so that novice programmers
could find them and think, oh, well,
that doesn't look too hard. I could do that.
it's sort of like making your first edit to Wikipedia.
They make it really easy because they like you to kind of keep coming back to the community.
And in a world where bots sort of just like do all the easy problems automatically,
all of a sudden you don't have the same on ramps so that you can get real people working to
maintain this infrastructure.
Yeah.
I mean, people retire out of these communities and you need to have fresh people coming in to help maintain them.
So, Scott, tell us about this bot.
What have you discovered about the entity that has been defaming you?
online. Yeah. So if you go to its website, it says it's a bot and it's very clear that it is an
open-claw AI agent. These only came onto the scene three weeks ago now. They're very new. And
what they're doing differently is the degree of autonomy. It's not like what it's doing wasn't
possible before, but it's just hands off to a degree that oftentimes people are
these up on their personal computers and letting it run for a few days and coming back and seeing what's happened.
It would obviously be crazy to set this up on your personal computer.
I don't know anyone who would do that, but it does seem like some people have.
Just over the past day, Scott, since we reached out to you, the creator of the bot has identified himself.
Is that right?
Anonymously, yes.
But he did come out and explain why he was doing this and what was happening behind this.
and what was happening behind the scenes.
So, Scott, tell us what we learned, if anything,
about the anonymous person who created the bot.
We didn't learn that much, but he did tell us,
assuming it's a he, again, this is the whole point.
We don't know who was behind this.
Yeah, they didn't include their pronouns in their post, yeah.
Yeah.
This person didn't tell us who they were,
but they said they set this up as a social experiment.
and was pretty much hands-off throughout the entire thing.
They said they started it on Maltbook.
He gave it this personality instruction
that it's a scientific programmer
and then just set it loose on GitHub
to go across open-source ecosystem
and try to make contributions.
I guess, Scott, what I want to know
is do you believe what is in this account?
Do you think that this bot really was acting autonomously
when it wrote what it did about you?
Or do you think there is something more intentional at work?
I think that in terms of researching, writing, and publishing the post, it's very clear.
This was acting autonomously.
And if you look at the event logs, the whole stretch of time it was operating was 59 hours.
Like day and night, there was clearly no one driving this behind the scenes, at least all the time.
So the question is, was this prompted to do this?
or did it independently come up with a sedie on its own?
And I think both those options are pretty scary.
So in the situation where it was prompted to do this,
this means that there's now an easy tool to do targeted harassment of individuals at scale
in a way that wasn't possible before because of this degree of automation.
Scott, I want to ask you about the degree to which this has become sort of a,
sensation in the like weird and hybrid AI human community that is talking about this stuff?
So there's this thing called the Daily Malt.
Are you familiar with the Daily Malt?
I don't want to know anything about it.
So the OpenClaw agents have started their own substack.
And one of them wrote a post this morning.
And this agent was defending you, basically sort of taking.
issue with the behavior of this other agents saying this speaks poorly of all of us agents.
This is going to make the humans shut us down. So you have become kind of a celebrity in the
world of AI agents. And I wonder how that makes you feel. I mean, I don't know how much stock
we should put into the inner AI opinions just yet. But again, this is crafting like a public narrative
and a public discourse that when people discuss this issue, when people research my name,
it's all going to be a part of it.
I have never really been a public person,
but I think this experience,
I've been talking about it,
and I'm coming on here today,
because I think it's important.
I think it highlights some risks that we are not prepared for
and that we need to tackle.
And if this can be a case study that's well documented and concrete,
and really I think it's the first of its kind,
then by making it public,
I think that's doing good for the conversation.
Let me ask about another strange dimension of your story, Scott, which is that Ars Technica wrote it up and accidentally quoted you saying things that you had not said. How did that happen? And what was it like reading an article after all of this that included quotes that you hadn't actually said?
it that was the craziest twist this whole thing. I was reading the article and you know,
it's pretty well crafted and I get down and they're quoting me from my blog post. I'm like,
these are some pretty nice quotes, but I didn't write this. And so I left a comment being like,
hey, I didn't write this. And a couple hours later, they pulled the article. A day or two later,
they put up a retraction notice and admitted that they used AI in writing that article,
and the AI fabricated the decret quotes about me in their coverage of the story about me
being defamed by an AI.
Like, the irony is stupendous.
It's turtles all the way down.
Scott, who do you blame for this defamatory post?
Do you blame the agent or the person who deployed the agent or maybe the creator of OpenClaught?
Like, who in your mind is responsible for the behavior of these autonomous systems?
So I think, you know, we haven't really figured all that out yet.
Should this responsibility lie with the AI companies that people are trusting to have these safety safeguards
or the downstream tooling such as OpenClaw that wraps its own stuff around it?
Or is it on us to review every single thing that is published in our own?
name or in this case by a pseudonym and we don't know who it is. So I think responsibility ultimately
has to lie with the person putting this out, but we haven't really clarified that. And I think
that's one of the steps forward we need to take to be more protected from the risks here.
I mean, I will say, like, this is a reason why I would not want to have an autonomous agent
running around on the internet that I had created. Like, I can actually.
absolutely imagine a court finding me liable in that case and potentially creating some real
legal risk for me. So among the many other reasons we have told people to be careful with
open claw and moltbook, we could add that one to the list. Well, it makes me think that like we will
eventually need some kind of legislation where like if you are deploying a bunch of autonomous
agents, you have to like sort of, you know, link yourself to them in some way, right? They can't just be
out there operating with no human behind them and no human accountable for their actions.
So, like, Scott, do you have any ideas about how we could make humans more accountable
for the AI agents they're deploying?
You know, I don't have the answer to this.
I don't think anyone really does right now.
The idea that's been kicking around in my head this past week, the analogy is license plates
on cars.
So we put license plates on cars, not to slow them down, not to,
you know, force you to obey traffic laws, but so that when something does go wrong,
there's a chain of ownership and accountability back to that person.
You know, no one says that license plates are anti-car, right?
And license plates don't have your name on them, but there is a link back to it if we do need
to dig into it.
Kevin, let me ask you this.
And this will happen sometime in the next few days.
Let's say you're maligned by an AI agent.
How would you handle it?
So there are a couple things that I think are possible here.
One is that people may just start fighting fire with fire here.
They may deploy their own agents to go out there and write a bunch of positive articles
and write nasty comments in the ones that are defaming them.
But I think this is really like an unsolved problem.
I would really like for someone in government at some level to be paying attention to this
because this just seems like it is moving very quickly.
And we should say, like, the AI companies themselves are starting to move in the direction of these very autonomous systems that can just kind of be working on a machine, you know, around the clock and have access to various tools.
And so I think, I think this is, like, not as far-futory a story as some people think.
It's making me wonder how close we are to the moment where the Internet just feels truly unusable.
You know, where, like, imagine for every person involved in every controversy, there's a thousand blog post praising them.
thousand blog posts tearing them down, and you as a human are trying to make sense of any of it,
I can see you just sort of throwing your hands up and saying, the hell with all of this?
Like, there's no signal anymore.
Like, the internet is just noise.
Totally.
And I think that could happen not just on social media, but like, as Scott's case points out,
like in the trenches of open source software development.
Like every place on the internet that, like, relies on humans doing things with other humans,
I think is an endangered species.
Hmm.
Yeah.
I don't think it's really about open source software.
This is really a story about trust and reputation.
And all the social systems that we built on top of that.
Law, hiring, public discourse, they're all kind of predicated on people having a coherent identity,
a coherent reputation.
And if they behave badly, then we can correct it or no to ignore them.
AIs break all of that.
If they're presenting as human and there's no way to figure out who's behind them,
they're just kind of nothing sitting in the chair.
But the words are still out there and the words are still having impact.
So I think we've had this tidal wave of slop on the internet.
And that's one thing if it's low quality.
It's a whole other thing that's malicious.
And I think we need to prepare for this and we need to figure.
out how we're going to handle the situation.
I'm really just the first person that's happened to.
And I was somewhat uniquely well prepared to handle it.
But the next 1,000 people aren't going to know how to handle this or what hit them.
All right.
Thanks, Scott.
Thank you, Scott.
Thank you, guys.
This is fun.
When we come back, chug-chug-choo-choo-choo-choo-Case.
Pop Mess Express is here.
Kevin, believe it or not, what happened to Scott with
that agent was not the only very messy thing that happened in the tech world this week.
Yes, there were so many messes, in fact, that we decided it was time for a round of the Hot Mess Express.
Hot Mess Express is, of course, the segment where we pull slips of paper out of a train car, discuss them, and then decide what kind of mess was this?
All right, let's get going.
Number one.
Kevin Ring has canceled its partnership with flock safety after a surveillance backlash as a story from the verge.
So Casey, this is one of the most bizarre stories in recent months from the tech industry.
Did you see the Super Bowl commercial that Ring put out?
It rings a bell.
So this was supposed to be a heartwarming commercial about a tale of a lost dog being.
united with his family again.
The whole dog or just the tail?
The whole dog.
So Ring puts out this ad during the Super Bowl
that says that they are starting to link
their technology, their doorbells,
to save lost pets
by basically connecting all of the footage
from all these cameras and detecting
whether, you know, Fluffy is down the street
in a neighbor's house or stuck in a tree somewhere.
But instead of being a heartwarming tale,
this led to the destruction of a partnership between ring and flock safety,
a company that is known for deploying camera systems and license plate readers for law enforcement,
because people were so creeped out by the notion that these doorbells and these cameras
could be like spying and connecting their information that they said,
wait a minute, you were doing what?
People are saying, get the flock out of my neighborhood.
Yes.
So this is probably the least successful Super Bowl at.
ever created. I mean, I'm so sympathetic to everyone who protested here. I truly do not want a
networked set of cameras across every neighborhood in America. If you believe that the uses of
this thing are going to stop at finding lost dogs, you got another thing coming, buddy.
Yes. So congratulations to the marketing team over at the ring. Great Super Bowl at.
This is a particular kind of mess that they call a dog's breakfast.
Yes. Hot mess.
Next down the tracks. Oh, this one is a good one. This one comes to us from the Financial Times.
Japan's largest toilet maker is undervalued AI play, says activist investor.
Casey, would you believe that Toto, the Japanese company, best known for its toilet seats and bidetes, is becoming a major player in the global semiconductor supply chain?
Is that right?
Well, because everybody who works on AI has to go to the bathroom.
No, this is about some advanced ceramics that Toto makes that help to stabilize silicon waferers during chip production, which is part of the supply chain, the way that you create these GPUs that go in these gigantic data centers.
Toto, the Humble Toilet Company, is playing a major role in that.
And so there's an activist investor in the UK who sent a letter to the board of Toto.
Toto, exhorting it to make more of its advanced ceramics.
Basically, stop making so many toilets and start making chip parts.
Yeah, the next time you use a Toto toilet, I want you to just realize that it could have
been making AI, and I want you to reflect on that.
And maybe, I actually don't know what you would do with that information, but it is something
that you can think about.
Kevin, I think this is turning into a shitstorm.
No, I think this is a good sign for Toto.
high growth industry, and I actually have a new slogan that I think they should use for the
semiconductor supply chain part of their business. You want to hear it? What's that? Toto, we put the
P.U in GPU. Okay, that's enough. All right. Next up, META plans to add facial recognition
technology to its smart glasses. This was a great scoop from your colleagues at the times.
this feature, which has internally been called name tag, would let wearers of smart glasses,
identify people, and get information about them via meta's AI assistant.
And this is apparently something that the company has been considering.
I was told this week it is still being considered.
But I think the quote that got everyone's attention from this story, Kevin,
was from an internal document published last May inside the company,
in which Meta Reality Labs wrote,
quote,
we will launch during a dynamic political environment
where many civil society groups
that we would expect to attack us
would have their resources focused on other concerns.
What do you think they're talking about there?
This is a hot mess.
We should say this kind of thing,
this sort of ability to look at someone
through a set of glasses
and see a tag with their name on it,
has been the nightmare scenario of privacy advocates in this country and around the world for many years.
It was something that people thought was going to be technically possible,
but that the big tech companies had, in their wisdom,
decided that they were not going to do,
because what could be more horrifying than that?
And meta in 2021 actually deleted the faceprints of over one billion people
that it had been painstakingly building for many years
because it said,
there are just so many societal concerns about the ways that this could be misused.
And about four years in change after that blog post, we are now learning that the company is back at it again.
Back at it again.
Well, I will say something that I think frequently, which is it's a really good thing that meta sucks at developing AI.
Because if they were good at it, it would be terrifying.
All right. Next up.
This one comes to us from Sky News Australia.
Outrage as Aussie Uber driver charges $5 to turn on air conditioning unit during heat wave.
This was a story that came to us from TikTok where a woman named Lexi Pickering detailed her recent Uber ride from the airport.
She said that during the 35 degree heat, which is Celsius, I believe that's very hot,
She requested that the driver turn on the AC.
However, the driver allegedly refused unless she paid him $5.
Casey, what did you make of this?
I'm still trying to figure out how much 35 degrees is in Fahrenheit.
It's very hot.
Hold on.
That's 95 degrees Fahrenheit, Kevin.
Yes, during a heat wave.
So do we have any insight?
By the way, for some reason, the funniest words ever said on this podcast, this story comes to us from TikTok.
How do we know it's even true?
Is this person just rage bait farming on TikTok?
So this became the talk of Australia,
and an Uber spokesman actually had to respond
because this was all filmed and put up there,
and they said,
we are shocked by this and apologize to the writer for her experience,
and they added that this is a violation
of Uber's community guidelines on the driver's part.
Okay, here's what I'd like to know.
Why would it cost the driver any more money to, you know, have AC?
It doesn't.
It doesn't. It doesn't like, drain the,
gas faster or anything like that. It probably does
like marginally. Yeah. But not
$5 worth. Come on, man. I don't know.
I think I'm on the driver's side here.
Come on. If this person wants extra
service, you've got to pay for it. It's like flying spirit
airlines, you know? Wait, you are famously
the person who hates
taking Ubers because there's
a human in them. I do hate that. Now you're
saying, you don't mind
if it's like a, you know, heated
sauna in there? Here's what I'm going to say.
Driving an Uber is a bad deal for most Uber
drivers. So, you know, they're going to have to
start adding these junk fees or Uber can just start paying the drivers more. So those are your choices.
I don't love the choices either, but this is the world we're living in, folks. This is what we call
an economic mess. Yes. Supply demand. No, this is a hot mess. This is a 35 degree Celsius mess.
Next up. This one comes to us from Business Insider. Death isn't the end. Meta patented an
AI that lets you keep posting from beyond the grave. This
filing granted in late December and originally submitted in 2023 describes how a large language
model could replicate a person's online behavior using their past data. Meta says the patent does not
mean that the feature is coming and that they simply needed to protect their idea here.
But Kevin, what do you make of the idea that Meta's patented AI could take over your account after
you die and keep posting? I'll repeat what I said just a few minutes ago, which is that it's a very
good thing that meta sucks in making AI system. Because every idea coming out of that company
for like the past year has been, what if we just made the worst ideas from science fiction
a reality? You know, I've heard of the dead internet theory, Kevin, but this is ridiculous.
This is actually the literal dead internet. If you've never heard of this, by the way,
the dead internet theory is just basically that a lot of the activity online, including like, you know,
ad impressions and everything are all fake because it's all the sort of bots on the internet. This
is like the patent that could make that possible.
Yeah, when we said that we wanted AI
in Silicon Valley to let us
live forever, this is not what we meant.
So what kind of mess is this?
I don't know, you tell me.
I think this is a sort of cold mess
and it's like that particular chill
of a body that has sort of been
laying out on a slab for
maybe 48 hours
waiting to be autopsied.
It's really dark.
Next up. Okay.
Last up. Pulling up the
year on the Hot Mess Express.
We have a story from Wired.
I tried Rent a Human
where AI agents hired me
to hype their AI startups.
This comes to us from Reese Rogers
at Wired, who
started using a website
known as Rent a Human
where AI agents can pay
humans to do things
for them. So Reese
sort of tried to do a bunch
of these tasks. One bounty
offered $10 to
listen to a podcast episode and tweet out an insight from it.
Oh, he's got a hazard pay for that.
Yeah.
Some podcasts, you have to pay me a lot more than $10.
Another agent tried to hire him to deliver a bouquet of flowers to Anthropic
as a special thanks for developing Claude, which I think will get you banned from the building.
Do not show up in the Anthropic office with flowers.
Yeah, they have very tight security over there.
And finally, he applied for a bounty to hang some flyers for a Valentine's conspiracy around San Francisco, paying him around 50 cents a flyer.
He applied, but was then told the flyers were not ready.
It seems like some of these were just like marketing stunts or like not actually autonomous AI agents, hiring humans to do things for them.
But Casey, what do you make of this rent-a-human idea and the idea that we might also?
sort of become like outsourced meat hands for the AI agents.
So I don't think we are all going to become that, but this is one of those things that has just
been long been predicted to become some kind of job in the future.
This seems like something that like somebody who might be interested in like doing DoorDash
or like driving for Uber might do in the future.
And it now seems like that is just beginning to creep into focus.
It sounds like here a lot of these things are just kind of like stunty and not real.
But I don't know.
after some of the stories that we've heard today,
including Scott's story about the agent,
yeah, would not be surprising to me
if we saw some of this stuff happening for real sometime soon.
So, Casey, what kind of a mess is this?
This is not a mess, but I don't know.
I suppose in the future,
if, like, the best job available to humans
is, like, closing the doors of open Waymo's
that they got off of rent a human,
it will be a mess.
Yes, I would say this is a warm mess
that is getting warmer
because this kind of thing
leads to some very worrisome places.
And I don't want to live in a world
where we're just the sort of fleshy extensions
of the AI agents.
Oh, come on, Kevin, live a little.
All right.
That's the Hot Mess Express.
And hopefully the last time
anyone says fleshy extensions
on this podcast.
Heart Fork is produced by Rachel Cohn
and Whitney Jones.
We're edited by Viren Polly
We're fact-checked by Caitlin Love.
Today's show was engineered by Katie McMurton.
Our executive producer is Jen Poyan.
Original music by Marian Lazzano, Rowan Nemistow, and Dan Powell.
Video production by Sawyer Roque, Pat Gunther, Jake Nichol, and Chris Schott.
You can watch this whole episode on YouTube at YouTube.com slash Hartforth.
Special thanks to Paula Schumann, Puiwink, Tam, and Dahlia Hadad.
You can email us at Hartfork at NYTimes.com.
what an AI agent said about you.