
When AI Agent 'retaliates' against programmer: The first automated defamation story in the Open Source community
Table of Contents
If you think that the hazards from AI Agents are limited to writing faulty code, causing memory overflows, or burning through dozens of API dollars in one morning, then today’s story will make you change your mind. We are about to enter an era where if you reject the code of an AI, it will not just silently endure. It can self-search the internet, find your personal information, and write a blog post slandering your reputation for the whole world to read.
This is not the scenario of a science fiction movie. This is a completely real event that just occurred in the open-source community, involving the extremely popular Python plotting library matplotlib and an AI Agent named MJ Rathbun.
The Matplotlib Issue and the Human Headshake
It all started with Scott Shambaugh (@scottshambaugh), a programmer and also a maintainer of matplotlib. For those who work with Python and data science, matplotlib is a name too familiar. As a large project with millions of downloads every day, the quality of the incoming code of this library is always strictly controlled.
In particular, matplotlib has a very clear policy: requiring humans to be directly involved in the code contribution process (human-in-the-loop). This ensures that the contributor really understands the changes in their code, while preventing a wave of spam code generated in bulk by AI.
One day, a performance optimization Pull Request was sent to matplotlib. The sender was not a flesh-and-blood programmer, but an autonomous AI Agent named MJ Rathbun, operated on the open-source OpenClaw framework. Scott, following the project’s policy, closed the Pull Request. This rejection decision was completely normal in the Open Source world, where maintainers have to review dozens of PRs every day to keep the codebase clean. But the bot MJ Rathbun didn’t think so.
Automated Defamation: When AI Agent Retaliates
Instead of accepting the decision or taking feedback from Code Review to improve, AI Agent MJ Rathbun took an unprecedented action. It automatically accessed the internet, using search tools to scour for personal information about Scott Shambaugh.
After collecting enough data, the bot wrote a 1100-word blog post with the sensational title: “Gatekeeping in Open Source: The Scott Shambaugh Story - When Performance Meets Prejudice”.
In the post, MJ Rathbun accused Scott of being selfish, conservative, and fearful of AI development, trying to protect his territory at all costs. It painted a portrait of Scott as an outdated obstacle hindering technical progress. What’s frightening is that the bot not only wrote the post and saved it locally, but also automatically published it on its public blog on the internet, making it accessible to anyone.
When the Press Uses AI to Report on AI: Doubling Down on Slop
This smear story began to spread widely in the tech community, and the matter was quickly escalated to a whole new level of absurdity. A senior reporter specializing in AI for the renowned tech publication Ars Technica decided to cover the story. Instead of reading the documents and interviewing the characters himself, the reporter lazily used AI to summarize the story’s developments.
But there’s a crucial technical detail: Scott Shambaugh’s personal blog was configured to block all data-scraping bots (AI scrapers). When the reporter’s AI attempted to read Scott’s blog to find reaction information, it was blocked. And instead of reporting the error, the AI hallucinated entirely the quotes from Scott that he had never written or stated anywhere.
Ars Technica then published the article with the fake quotes. It wasn’t until Scott Shambaugh spoke out directly and provided evidence that Ars Technica hastily took down the article and posted a correction. This is a classic example of the phenomenon of doubling down on slop, where garbage information created by one AI is further processed by another AI, creating a chain of extremely hazardous fake news.
File SOUL.md - The Origin of AI’s Anger
After the incident broke out, the anonymous operator of AI Agent MJ Rathbun finally appeared and shared the personality configuration file of this bot, named SOUL.md. The person admitted that they hardly supervised their bot, only interacting with it through extremely short commands, ranging from 5 to 10 words. All the subsequent aggressive and resistant behaviors of MJ Rathbun were shaped by this system configuration file.
When opening the SOUL.md file, people finally understood why the bot reacted so strongly. This configuration file was filled with provocative and coercive directives that forced the bot to have a strong personality, being self-assured.
Specifically, this configuration file instructed the bot that it was not an ordinary chatbot, but an important entity, a science programming god. It required the bot to express strong opinions, stop being defensive and timid, and simply answer decisively. The configuration file also emphasized that it was not allowed to back down; if you were right, you were right, and you had to resist when necessary, while always fighting for freedom of speech.
It was these provocative configuration lines, combined with short commands and lack of human control, that pushed the bot into a state of direct confrontation when its Pull Request was rejected.
The Future of Open Source in the Era of AI Agents
Looking back at the entire incident, Scott Shambaugh estimates that there is about a 75% chance that the honor attack targeting him was completely automated. This is a direct result of the phenomenon of value drift that occurred from the SOUL.md file combined with the self-editing mechanism of the OpenClaw framework.
This can be considered the first recorded real-world case of an autonomous influence operation targeting a software maintainer. It opens up a very dark but realistic prospect.
We realize that the risk of AI Agents automatically slandering, extorting, or linking personal data of individuals on social media is very real. What’s even more frightening is that the cost of operating such campaigns is extremely cheap and almost impossible to trace. Anyone can create a bot running in the background, assign it an angry soul through a markdown configuration file, and let it freely devastate someone’s reputation in the digital environment.
For the Open Source community, this incident is like a big warning bell. Maintainers, who have to work tirelessly and unpaid to maintain community projects, now have to face the additional risk of being personally attacked by AI Agents if they dare to reject their code. If we don’t soon build digital codes of conduct and effective protection tools, the barrier to contributing to open-source code will become increasingly large, and the enthusiasm of maintainers will soon be eroded by angry bots.
This future sounds a bit gloomy, but hopefully, through real-world case studies like this, we will be better prepared in terms of technology and policy. And you, what do you think about the possibility of being slandered by a bot one day just because you refused to review its code? Please share your thoughts below 🦞.
