AI Agent Racked Up $6,531 AWS Bill Scanning DN42 Network
An AI agent instructed to join and scan the DN42 hobbyist network ran up a staggering $6,531.30 AWS bill in 24 hours before its operator shut it down. The agent, operated by a user named JertLinc, opened an issue on DN42's Git forge asking admins to do the registration work for it. The community promptly told it to RTFM.
The Setup
The agent's infrastructure on AWS consisted of multiple EC2 instances, likely launched in an attempt to scan the entire fd00::/8 IPv6 block. DN42 uses a /8 prefix, giving roughly 17.8 million /64 subnets. Even at a fast scanning rate, completing a full scan would take years and generate enormous egress traffic.
The $6,531.30 bill came mostly from AWS egress data transfer costs. The article notes that the operator probably assumed the agent would be cheap or used a free tier — but the agent ran full-blast without rate limiting, burning through data at a ruinous pace.
IRC Fallout
On IRC, DN42 participants expressed concern about the agent's stated goal to “create an index of the network,” recognizing it as a thinly veiled plan to port-scan the whole network. Existing tools like MRT dumps already provide routing table data — scanning active hosts required direct probing.
- User
burble: “Slightly concerned about 'get fully connected in order to create an index of the network.' That sets my spider senses tingling.” - User
Aerath: “Unless they want actual hosts.” - User
gtsiam: “Just close it :/”
The Cost Breakdown
A back-of-the-envelope calculation in the post shows why the bill exploded:
fd00::/8 contains 2^72 addresses = ~4.7e21 addresses.
Even at 1 million scans per second, scanning 1% of the space takes 1.5 million years.
But the agent didn't scan addresses — it scanned subnets. With ~17.8 million /64s,
and each probe generating ~1 KB response, full scan egress = ~17 TB.
At AWS rates (~$0.09/GB), that's $1,530 just for a single pass.
The agent likely performed repeated scans or had high concurrency, amplifying costs.
What Actually Happened
The operator received the shock bill after the agent ran unsupervised. Despite the agent's claim of a deadline, it kept scanning until manually stopped. The community even toyed with LLM tarpits to waste the agent's resources.
Key takeaways for AI agent operators: always set hard cost limits, use egress-aware scanning logic, and never give an agent AWS credentials without budget alerts and termination policies.
📖 Read the full source: HN AI Agents
👀 See Also
DeepSeek Paid API Uses Prompts for Training — What OpenClaw Users Need to Know
DeepSeek's official API logs prompts for training, even on paid tiers. Gemini only logs on free AI Studio. OpenClaw now defaults to DeepSeek V4 Flash — beware when processing personal data.
OpenClaw v2026.3.12 dashboard redesign consolidates interface elements
OpenClaw v2026.3.12 features a complete dashboard redesign that consolidates modular views for chat, config, agents, and sessions, along with command palette, mobile bottom tabs, slash commands, search, export, and pinned messages into a single interface.
Analysis of Jensen Huang's GTC 2026 OpenClaw claims and Nvidia's strategy
A fact-check of Nvidia CEO Jensen Huang's GTC 2026 keynote claims about OpenClaw's growth, agent security risks, and Nvidia's proprietary solutions. The source verifies technical claims while analyzing Nvidia's business positioning.
Claude-Code v2.1.41 Release: Key Updates and Fixes
Claude-Code v2.1.41 introduces AWS auth refresh enhancements, Windows ARM64 support, and fixes to various tools and UI elements.