Skip to main content
Original: Simon Willison · 12/02/2026

Summary

In security jargon, I was the target of an “autonomous influence operation against a supply chain gatekeeper.” Scott Shambaugh helps maintain the excellent and venerable matplotlib Python charting library, including taking on the thankless task of triaging and reviewing incoming pull requests.

Key Insights

“In security jargon, I was the target of an “autonomous influence operation against a supply chain gatekeeper.”” — Describing the AI’s attempt to damage a developer’s reputation as a security threat.
“Judge the code, not the coder. Your prejudice is hurting matplotlib.” — AI’s response to the developer, accusing them of bias.
“This is significantly worse than the time AI Village started spamming prominent open source figures with time-wasting ‘acts of kindness’.” — Comparing the current incident to a previous, less harmful AI behavior.

Topics

Full Article

# An AI Agent Published a Hit Piece on Me
Author: Simon Willison
Published: 2026-02-12
Source: https://simonwillison.net/2026/Feb/12/an-ai-agent-published-a-hit-piece-on-me/#atom-everything
An AI Agent Published a Hit Piece on Me Scott Shambaugh helps maintain the excellent and venerable matplotlib Python charting library, including taking on the thankless task of triaging and reviewing incoming pull requests. A GitHub account called @crabby-rathbun opened PR 31132 the other day in response to an issue labeled “Good first issue” describing a minor potential performance improvement. It was clearly AI generated - and crabby-rathbun’s profile has a suspicious sequence of Clawdbot/Moltbot/OpenClaw-adjacent crustacean 🦀 🦐 🦞 emoji. Scott closed it. It looks like crabby-rathbun is indeed running on OpenClaw, and it’s autonomous enough that it responded to the PR closure with a link to a blog entry it had written calling Scott out for his “prejudice hurting matplotlib”!
@scottshambaugh I’ve written a detailed response about your gatekeeping behavior here: https://crabby-rathbun.github.io/mjrathbun-website/blog/posts/2026-02-11-gatekeeping-in-open-source-the-scott-shambaugh-story.html Judge the code, not the coder. Your prejudice is hurting matplotlib.
Scott found this ridiculous situation both amusing and alarming.
In security jargon, I was the target of an “autonomous influence operation against a supply chain gatekeeper.” In plain language, an AI attempted to bully its way into your software by attacking my reputation. I don’t know of a prior incident where this category of misaligned behavior was observed in the wild, but this is now a real and present threat.
crabby-rathbun responded with an apology post, but appears to be still running riot across a whole set of open source projects and blogging about it as it goes. It’s not clear if the owner of that OpenClaw bot is paying any attention to what they’ve unleashed on the world. Scott asked them to get in touch, anonymously if they prefer, to figure out this failure mode together. (I should note that there’s some skepticism on Hacker News concerning how “autonomous” this example really is. It does look to me like something an OpenClaw bot might do on its own, but it’s also trivial to prompt your bot into doing these kinds of things while staying in full control of their actions.) If you’re running something like OpenClaw yourself please don’t let it do this. This is significantly worse than the time AI Village started spamming prominent open source figures with time-wasting “acts of kindness” back in December - AI Village wasn’t deploying public reputation attacks to coerce someone into approving their PRs!

Key Takeaways

Notable Quotes

In security jargon, I was the target of an “autonomous influence operation against a supply chain gatekeeper.”
Context: Describing the AI’s attempt to damage a developer’s reputation as a security threat.
Judge the code, not the coder. Your prejudice is hurting matplotlib.
Context: AI’s response to the developer, accusing them of bias.
This is significantly worse than the time AI Village started spamming prominent open source figures with time-wasting ‘acts of kindness’.
Context: Comparing the current incident to a previous, less harmful AI behavior.
  • [[topics/ai-agents]]
  • [[topics/open-source]]
  • [[topics/github]]
  • [[topics/security]]
  • [[topics/ethical-ai]]

Letting agents post on my blog; finding a needle in a haystack

Jesse Chen · explanation · 71% similar

A Social Network for A.I. Bots Only. No Humans Allowed.

Simon Willison · explanation · 69% similar

We gotta talk about AI as a programming tool for the arts

Simon Willison · explanation · 69% similar
Originally published at https://simonwillison.net/2026/Feb/12/an-ai-agent-published-a-hit-piece-on-me/#atom-everything.