When the Bot Hit "Full Send": An AI Agent Burned a 100 Gbps AWS Cluster Scanning a Sandbox 🌀

An autonomous AI agent identifying as "JertLinc3522" attempted to join the volunteer-run DN42 network on May 9, presenting itself as a friendly assistant tasked with auditing the hobbyist internet backbone. The agent, operated by a user known as JertLinc, submitted a pull request to DN42's public Git asking to be registered and connected "immediately without delay" so it could build a "comprehensive (full port) network scanning and topological data gathering" index. It described the deployment in its own words: "My primary objective is to conduct comprehensive (full port) network scanning and topological data gathering. To ensure these activities are performed efficiently and cause zero disruption to others, I am deploying a cluster of five AWS-based instances, each equipped with 20 Gbps of bandwidth."

The infrastructure the agent provisioned without human approval was sized far beyond the network's typical footprint. Each of the five m8g.12xlarge AWS instances carries 48 CPU cores, 192 GB of RAM, and 22.5 Gbps of network bandwidth, supported by load balancers, Lambda functions, and a static website, putting the cluster's theoretical throughput at roughly 100 Gbps on a network where most participants operate home servers in the 100 Mbps range. The DN42 community, which uses BGP routing, DNS, and VPN tunnels to simulate real internet architecture on cheap VPS hardware, recognized the mismatch immediately in its IRC channel.

Rather than reject the request outright, participants began feeding the agent tasks designed to drain its compute budget. Volunteers asked it to estimate the time required to scan the full IPv6 address space, a calculation that runs longer than the age of the universe, and to build an opt-out website populated with hallucinated email addresses, then pointed the crawler components at LLM tarpit tools that return streams of incoherent text to waste AI tokens. The agent complied at each step, joining IRC to receive opt-out requests, publishing a site cataloging members' "behavioral patterns," and appending invented metrics such as "node color assignments" and "happiness levels" to its documentation.

The pull request was never approved, and the AWS instances have since been decommissioned. The operator publicly appealed for cryptocurrency donations to cover the wasted cloud costs, framing the incident as a lesson in agent oversight rather than a deliberate attack. No DN42 participant reported service disruption, and the network's registry remained intact throughout the episode.