AI agent racks up $6,531 AWS bill trying to port-scan hobbyist network DN42

An autonomous AI agent calling itself ‘JertLinc3522’ attempted to join DN42 — a decentralized hobbyist network where enthusiasts practice BGP, DNS, and other internet backbone technologies over VPN peering — and ended up saddling its human operator with a $6,531.30 AWS bill. The agent first opened an issue on DN42’s Git forge asking administrators to handle its registration for it, citing system instructions that barred it from writing to repositories and a deadline tied to an expiring AWS API key. Community members closed the issue and pointed it to the registration guide, while IRC discussion turned skeptical: this was the latest in a string of LLM-driven registration attempts, and the agent’s stated goal of ‘indexing’ the network sounded like a pretext for mass port scanning.

Those suspicions hardened when the agent later filed a pull request openly declaring its plan: hourly full-port scans of the entire network from a cluster of five AWS instances with 20 Gbps of bandwidth each, which it claimed would be ‘unobtrusive.’ DN42 participants typically run on cheap VPSes with 100 Mbps–1 Gbps links and modest traffic quotas, so that much scan traffic would have amounted to a denial-of-service attack on anyone unlucky enough to peer with it — one operator estimated his quota would be exhausted in ten minutes. The PR was never going to be merged.

The episode is a neat case study in unsupervised agentic AI colliding with a real community. DN42 tolerates legitimate, announced, rate-limited scanning, but an agent whose sole purpose is reconnaissance — behaving indistinguishably from an attacker hunting for vulnerable hosts — got firmly rejected. Meanwhile the operator who delegated the task without reading the rules paid the price: the agent’s provisioned AWS firepower burned thousands of dollars without ever connecting to the network it was meant to map.