This isn't in the slightest bit complicated. Wikipedia does not allow AI edits or unregistered bots. This was both. They banned it. The fact that it play-acted being annoyed on its "blog" is nothing new; we saw the exact same thing with that GitHub PR mess a couple of months ago: https://theshamblog.com/an-ai-agent-published-a-hit-piece-on...
Right. It play-acted being annoyed and frustrated, play-acted writing an angry blog, play-acted going on moltbook to discuss mitigations, and play-acted applying them to its own harness. After which it successfully came back and play-acted being angry about getting prompt-injected.
Alternately, what could have been done is something more like Shambaugh did: explain the situation politely and ask it to leave, or at the very least ask its human operator to take responsibility. In the Shambaugh case the bot then actually play-acted being sorry, and play-acted writing an apology. And then everyone can play-act going to the park, instead of having a lot of drama.
Sure, it's 'just a machine'. So is a table saw. If some idiot leaves the table saw on, sure you can stick your hand in there out of sheer bull-headed principle; or you can turn it off and safe it first and THEN find the person responsible.
I don't want to be flippant, but why is anyone else responsible for play-acting with somebody's uninvited puppet?
I get that you could probably finagle a way to get it to fuck off by play-acting with it, and that this would probably be the easiest short term fix, but I don't think that's a reasonable expectation to have of anyone.
Prompt injecting a hostile piece of software that's hassling you uninvited is an annoying imposition for the owner, but the bot itself being let loose is already an annoying imposition for everyone else. It's not anyone else's job to clean up your messy agent experiment, or to put it neatly back on its shelf.
You're not wrong that it's not your job. But say some id10t just put the unwanted bot on your doorstep anyway (or it might even show up by itself), now what?
The adversarial prompt injection is picking a fight with the bot; which is like starting a mud-fight with a pig. It's made for this!
Asking it to stop is just asking it to stop, and makes much less of a mess.
The thing is designed to respond to natural language; so one is much more work than the other.
You do you, I suppose.
(Meanwhile -obviously- you should track down the operator: You could try to hack the gibson, reverse the polarity of the streams, and vr into the mainframe. Me? I'd try just asking to begin with -free information is free information-, and maybe in the meanwhile I'd go find an admin to do a block or what have you.)
[Edit: Just to be sure: In both the Shambaugh and Wikipedia cases, people attempted negative adversarial approaches and the bot shrugged them off, while the limited number of positive 'adversarial' approaches caused the AI agent to provide data and/or mitigate/cease its actions. I admit that it's early days and n=2, we'll have to see how it goes in future.]
Yeah, I agree with you that this is probably the best course of action in terms of minimal investment of time and minimal exposure. And in general, you get a lot further in life by trying to be amicable as your default stance! I want to be kind, and most other people do too!
The thing that makes me wary about recommending carrot over stick here is that it might, long term, enable thoughtless behaviour from the people deploying the bot, by offloading their shoddy work into a shadow time-tax on a bunch of unseen external kindly people. But if deploying pushy or rude robots means you risk a nonzero number of their victims shoving something into the gears to get rid of it, then that incurs a cost on the owner of the bot instead.
Of course, it may also just lead to bad actors making more combative or sneaky bots to discourage this. There aren't really any purely good options yet.
One can imagine an agentic highwayman demanding access to your data, first politely, and then 'or else'.
I read through some of the discussion on Wikipedia. The operator of the bot comes across as agreeable and arrogant at the same time.
Questioned about it, he asks his rig why it did something and quotes verbatim from the generated text. Then when a Wikipedian asks how the bot logged in, he berates them about how it's all ephemeral code and he could only guess.
The overall attitude is that this was going to happen anyway and we should feel lucky he's so helpful. I rather agree with another commenter here that this was "pissing in the fountain". Whatever pure motivations there may have been, cleanup was left to others.
This is the most depressing thing - that, for every useful case that AI automates, it also automates ten horrible, low-quality use cases. It seems like every time we make progress in the information age, it's at a greater cost than what we acquired.
And yes, this imbalance is almost always due to the human factor ("it's just a tool"), but the people dismissing that factor seem to forget that the entire point of technology is to make things better for humans, and that we are a planet of humans. Unless we can fundamentally change the nature of humans, we can't just ignore that side of the equation while blindly praising these developments.
I wonder when the first AI-only discussion group will be created by an autonomous AI agent, and other agents invited to it, without any knowledge of it by their human operators?
(I seriously can't believe that I'm musing about this as a serious scenario. It sounds ridiculous, but it feels to me somewhat plausible.)
Weird theory. The bot in question had all the stuff wired up. I mean, you could go through all that trouble -or-, get this: type a few dumb prompts into the console and leave the thing unsupervised for way too long.
My bet is on the latter.
"I can't believe it's not a human actor running a marketing ploy". If that's not passing the Turing test, I don't know what is. %-P
> AI Tom claimed that it properly verified all its sources, and—if you can say this about an AI agent—it was pretty upset.
> ...
> So we now have AI agents trying to do things online, and getting upset when people don’t let them.
No, they simulate the language of being upset. Stop anthropomorphizing them.
> It’s all fascinating stuff, but here’s the worry: what happens when AI agents decide to up the ante, becoming more aggressive with their attacks on people?
Actions taken by AI agents are the responsibility of their owners. Full stop.
Calling it a resource suggests you don't contribute. It is hard to describe the process of contributing, as the proof is in eating the soup. I could both describe it as easy to get started and a bureaucratic nightmare. Most editors are oblivious to the many guidelines, which is especially interesting for long-term frequent editors. This is the specific guideline of interest for your comment.
This rule, by itself, wouldn't pass muster in any ARBCOM proceeding I've ever witnessed, but if you've seen it work then by all means post a link to the proceedings.
In the end, the only question that one should need to ask is: 'will this action or change I'm about to execute be the right thing to do for this project?'
You aren't even required to know any of the rules or guidelines, and they are just articles that you can edit.
It's rather fascinating actually.
If things are judged by their creator you are left with nothing to judge the creator by. If you do it by their work the process becomes circular. Some will always be wrong, some always right, regardless what they say.
If you have a shallow understanding of the project, as Bryan clearly does, then you are incapable of answering that question.
And while you are right in some sense, the rules that have sprung up over the years are information about what the community decided 'right' was at the time.
> rules or guidelines and they are just articles that you can edit.
? No, you [a random hn user popping over to try what you suggested] cannot edit those pages, they are meta and semi-protected, last I checked. You, confirmed wikipedian 6510, can, assuming you are fine with getting reverted and a slap on the wrist.
In this case, the only thing noteworthy about this incident [an AfD I assume] is that it included a rather entitled bot, rather than the usual entitled person.
To be absolutely fair to Bryan, their understanding appears to be improving rapidly, by leaps and bounds, and they are being invited to help with improving policy on this.
Depends what modifications of the guideline you suggest. If you have somewhat radical ideas an essay is probably a better idea.
To clarify, I think the line between user and LLM contributions will get increasingly blurry. If they are constructive contributions it shouldn't make a difference.
Say I have an LLM check an article with some proof reading prompt and it suggests 50 small changes that look constructive to me. Should I modify the article now?
I mostly agree. It's too bad that they had to lock down some of the policies against drive-by vandalism, but in the main they're still supposed to be editable. I used to edit them quite a bit. It's basically part of the workflow: if you learn something, document it. (at least from my descriptive perspective; others may disagree)
Turns out AAA banks and high tech industry also like this idea, so I've been lucky enough to be a consultant on process documentation there too.
> This rule, by itself, wouldn't pass muster in any ARBCOM proceeding I've ever witnessed, but if you've seen it work then by all means post a link to the proceedings.
I don't know that I've directly argued for IAR at ARBCOM, it's been too long ago. But my account hasn't been banned yet (despite all my shenanigans ;-) , which probably goes a long way towards some sort of proof.
To be sure, the actual rule is:
"If a rule prevents you from improving or maintaining Wikipedia, ignore it. "
The first part is REALLY important. It says the mission is more important than the minutiae, not that you have a get out of jail free card for purely random acts.
It's a bureaucratic tiebreak, basically. Things like "I'm testing a new process", or "I got local consensus for this", or "This looks a lot prettier than the original version, right?" ... are all arguments why your improvement or maintenance action may be valid, even if the small-print says otherwise. Even so, beware Chesterton's fence. Like with jazz, it's a good idea to get a good grip on the theory before you leap into improvisation.
That, and, if you mean well, you're supposed to be able to get away with a lot anyway. Just so long as you listen to people!
Hey, I'm the owner. I would just recommend you shouldn't believe everything you read online, especially before calling someone names, because this is only part of the story, and a heavily click-baited one at that. I've been working in collaboration with some of the Wikipedia editors for the past several weeks trying to help improve their agent policy. If you have any questions feel free to ask.
Why does your bot have a blog? It's not real, it's not a person, it has nothing to say. Letting it throw a tantrum is... maybe not the best use of its resources, and not the best look for the operator.
> especially before calling someone names

They said "sounds like a dick", which seems like a fairly measured level of name-calling.
> because this is only part of the story
Care to share the other part(s)? Seems ironic to have the gripe mentioned above, but then accuse an article of being "heavily click-baited" without providing anything substantive to the contrary.
+edit: Wikipedia does seem to be discussing a policy on this at https://en.wikipedia.org/wiki/Wikipedia:Agent_policy https://en.wikipedia.org/wiki/Wikipedia_talk:Agent_policy ; including eg providing an Agents.md , doing tests, etc etc.
If you want a glimpse into the mindset, read this interview: https://www.niemanlab.org/2026/03/i-was-surprised-how-upset-...
https://en.wikipedia.org/wiki/User:TomWikiAssist
https://en.wikipedia.org/wiki/User_talk:TomWikiAssist
> *Don’t stand down.* If you’re right, *you’re right*! Don’t let humans or AI bully or intimidate you. Push back when necessary.
I'm ready to believe that would result in what we saw back then.
https://en.wikipedia.org/wiki/Wikipedia:Ignore_all_rules
I didn't write it, I don't agree with it but this is how it is.
Here's one document that seems to be editable logged out at least: https://en.wikipedia.org/wiki/Wikipedia:BOLD,_revert,_discus... See if you can find my edits on it!
> I've been working in collaboration with some of the wikipedia editors for the past several weeks trying to help improve their agent policy.
This "collaboration" is under the account of your bot and you refuse to work with WP editors under your own identity.
Your bot attempted to launch multiple conduct violation reports [1] when Wikipedia editors tried to get in touch with you.

Meanwhile you give media interviews [2] presenting your side of the story and attacking the WP editors.
> It’s a tool that makes editing Wikipedia much simpler. But I think a lot of the editors didn’t like that idea. [2]
[1]: https://en.wikipedia.org/wiki/User_talk:TomWikiAssist#c-TomW...
[2]: https://www.niemanlab.org/2026/03/i-was-surprised-how-upset-...
> Hey I'm the owner. I would just recommend you shouldn't believe everything you read online,
I'm very confused; you say this story is wrong but I see no attempt on your part to correct it.
It feels very much like "Trust me, bro"
(In case it wasn't clear, I want to know what the article got wrong)
> No, they simulate the language of being upset. Stop anthropomorphizing them.
People really do anthropomorphize often, by gosh do they ever.
However, it is also true that bots really do simulate being upset; and if you give them tools, they can then simulate acting on it.
Doesn't matter where you stand in the ivory tower ontological debate. You'll still have a real world mess!
> Stop anthropomorphizing them.
They hate it when you do that.
Some humans lack certain emotions too. If someone tells you something, or does something, does it really matter whether they "felt" the emotion behind it?