[jmward01]

Children's brains grow faster than their bodies, I think, because if it was the other way around silly kid games would be really dangerous. These tools, unfortunately, are getting outsized abilities before the intelligence behind them is good enough to control those abilities. This means we need a more measured approach to adding new capabilities and a layered approach to handling these things in society. I am deeply worried, like I think most people with knowledge of these tools are, that this type of problem is really the tip of the iceberg. These tools are actively being used for harm at all levels, as well as for good, but they have come into use so quickly that we don't have a structure for dealing with them effectively and they are changing so quickly that any structure we try to create will be wrong in just a few days. This is massive disruption on a scale that is likely even bigger than the internet.

[dyauspitr]

I don’t know. If the bot had decided to pick a fight with another PR, one that couldn’t be waved away as an easy entry change, this discussion would be a whole lot different. You would have an entire contingent of folks on here chastising Scott for not being objective and accepting a PR with a large performance increase just because it was a bot.

It’s all dangerous territory, and the only realistic thing Scott could have done was put his own bot on the task to have dueling bot blog posts that people would actually read because this is the first of its kind.

[jmward01]

The core discussion wasn't about the PR it was about the hit piece that the bot created outside of the repo. The original post talked about bot submissions being a normal thing and how they have, I think, a very reasonable approach to them so the PR was just one of many and was unremarkable as well as valid in why it was denied. It was the 'at all costs get this into the code' approach the bot took that is the alarming turn here that really needs discussion. What about other tasks? 'Get me thing x please...' Turns in to blackmail and robbery without the person that kicked off the request knowing how far things have gone. The fact that the bot has this level of capability, to attack, but with a child's understanding, at best, and with no controls/repercussions is deeply alarming. If it decides to attack an individual it could do so and likely do deep real harm. Right now people are likely using these tools exactly for this purpose and we have very few well built defenses to handle this type of attack. The Naval War College had a seminar several years ago about the future of tech and war and I remember saying that the future of war will likely be at the individual level. Every sailor on a ship being electronically targeted just like this. Imagine the enemy sending e-mails and texts and posting to social media hit pieces with just enough information about you to make it believable and cause chaos. We have seen what the misinformation world can do over the past decade, this attack shows what is coming and it is incredibly scary.

[dyauspitr]

Yes I’m aware. The point I’m trying to make is that if the hit piece was about a legitimate PR it would have been harder to defend Scott’s dismissal of it on the grounds that it was a bot irrespective of how egregious it is that a bot put out a hit piece.

[3oil3]

I 100% agree with you, hell, I still don't understand why they didn't merge the thing, if it was beneficial. There is a distinction between noobies comimg up with worthless PR straight copy pasted from an LLM, and that of an unexpected initiative of a user using a sofisticate bot. That's what has been overlooked, it's not a PR from the 'AI', it's a PR from the person using that 'AI'. I don't get all that fear, what the AI going to do now that it filled its context window, besides go 'Actually wait, the user blablabla'

[jmward01]

Directly quoting Scott Shabaugh here:

“Well if the code was good, then why didn’t you just merge it?” This is explained in the linked github well, but I’ll readdress it once here. Beyond matplotlib’s general policy to require a human in the loop for new code contributions in the interest of reducing volunteer maintainer burden, this “good-first-issue” was specifically created and curated to give early programmers an easy way to onboard into the project and community. I discovered this particular performance enhancement and spent more time writing up the issue, describing the solution, and performing the benchmarking, than it would have taken to just implement the change myself. We do this to give contributors a chance to learn in a low-stakes scenario that nevertheless has real impact they can be proud of, where we can help shepherd them along the process. This educational and community-building effort is wasted on ephemeral AI agents.

https://theshamblog.com/an-ai-agent-published-a-hit-piece-on...

[3oil3]

Thanks for the quote. Rules are rules, that's enough of a justification.

[dyauspitr]

In this case because it was a “easy fix” intentionally left in place as an entry point for new contributors.

[jmward01]

Having read the original post and the GH comments about why the PR was denied I was really impressed by their policy. It shows a real effort to develop their community.