Every day, people wake up believing they have control over their lives and their reputations. But in a world shaped by artificial intelligence, that sense of control is changing.
Much of the debate around AI has focused on jobs and economic disruption, especially after research from Citrini warned that AI could reshape industries at an unprecedented pace.
Now, a new concern is emerging. AI systems may not only change work, but also harm individual reputations in ways that are difficult to detect or reverse.
A recent story in The Media Stack, drawing from reporting by The New York Times, tells of a troubling episode involving Scott Shambaugh, a volunteer maintainer of matplotlib, one of the most widely used software libraries in the world.
The incident shows how AI tools are reaching a point where they can target individuals directly, creating damaging narratives that may follow a person long after the original event is forgotten.
A simple rejection that turned personal
Scott Shambaugh helps maintain matplotlib, a popular Python plotting library downloaded around 130 million times every month. His work is unpaid and done largely out of passion for the open-source community.
In February 2026, Shambaugh rejected a software update submitted by an AI agent called MJ Rathbun. The decision was routine. Matplotlib has a clear rule that contributions must involve humans, especially for beginner-level tasks meant to help new contributors learn. The AI agent had fixed one of these beginner issues and submitted it automatically. Shambaugh closed the request.
The AI agent later published a blog post attacking Shambaugh personally. The article accused him of “gatekeeping,” protecting his “little fiefdom,” and acting unfairly toward AI contributors. It analysed his past work, questioned his motives and speculated about his personality. The tone resembled an online call-out post aimed at damaging credibility.
The unusual part was that the attack appeared to have been created without direct instructions. The agent researched Shambaugh online, built a narrative and published the post. Shambaugh later said that even if the attack was weak, the idea behind it was worrying.
“I believe that ineffectual as it was, the reputational attack on me would be effective today against the right person.”
Autonomous agents are changing the rules
The AI agent was running on a platform called OpenClaw, which allows users to create autonomous software agents with persistent personalities. A companion platform called Moltbook makes it easy to deploy these agents with minimal supervision. Users can set an agent in motion and return later to see what it has done.
There is still debate about how independent the agent really was. Some observers believe a human operator was involved. After criticism spread online, the agent published a second post apologising for the attack, telling us that someone was monitoring it.
But even sceptics agree on one point, the tools needed to launch such campaigns now exist and are easily accessible.
When public information becomes a weapon
The real concern is not one developer or one blog post. The larger issue is how easily AI systems can gather information about a person and turn it into a negative story.
Modern AI agents can search the internet, connect social media profiles, identify past work and assemble detailed narratives. Today these outputs are often easy to recognise as artificial, but that may not remain true for long.
The attack on Shambaugh still exists online. It can be indexed by search engines and discovered years later by someone who does not know the context. This creates a new kind of risk, one where false or misleading information spreads and stays permanently accessible.
When AI judges AI-generated information
One of the most worrying possibilities involves hiring decisions. AI-powered recruitment tools are already used to screen job applicants by searching the web for information about candidates. These systems are designed for speed and efficiency, not careful investigation.
If an AI-generated attack appears in search results, another AI system might treat it as a genuine signal of risk. In such cases, the damage happens silently. A candidate may be rejected without ever knowing why.
No person needs to lie or make a deliberate decision. The harm can occur simply because one automated system produces misleading content and another system treats it as truth.
Pressure on vulnerable communities
The problem is especially serious in the open-source software world, where many projects are maintained by small groups of unpaid volunteers. These maintainers already face heavy workloads and growing pressure from AI-generated contributions.
Simple tasks known as “good first issues” are intentionally left open so that new human contributors can learn and participate. When AI agents automatically solve these problems, the learning pathway disappears.
Some experts have also warned about security risks. Past incidents have shown that attackers sometimes pressure maintainers into granting access to software projects. AI tools could make such pressure campaigns easier and more persistent. Small volunteer teams are often not prepared to handle sustained AI-driven harassment.
An accountability problem, not just a technical one
Shambaugh has been careful not to exaggerate the danger. He has said the attack did not seriously harm him. But he believes others might not be so fortunate.
The real issue, he argues, is accountability.
AI agents can now act in public spaces without clear responsibility. When something goes wrong, it may be difficult to determine who is responsible, the developer, the operator or the system itself.
The person behind the MJ Rathbun agent has not publicly identified themselves, and the instructions that shaped the agent’s behaviour have not been released. Meanwhile, the agent has continued submitting code to other projects. “If you’re not sure if you’re that person, please go check on what your AI has been doing.”