Attackers explain how an anti-spam defense became an AI weapon.

Building on an anti-spam cybersecurity tactic known as tarpitting, he created Nepenthes, malicious software named after a carnivorous plant that will “eat just about anything that finds its way inside.”

Aaron clearly warns users that Nepenthes is aggressive malware. It’s not to be deployed by site owners uncomfortable with trapping AI crawlers and sending them down an “infinite maze” of static files with no exit links, where they “get stuck” and “thrash around” for months, he tells users. Once trapped, the crawlers can be fed gibberish data, aka Markov babble, which is designed to poison AI models. That’s likely an appealing bonus feature for any site owners who, like Aaron, are fed up with paying for AI scraping and just want to watch AI burn.

  • @[email protected]OPEnglish
    162 days ago

    It’s unclear how much damage tarpits or other AI attacks can ultimately do. Last May, Laxmi Korada, Microsoft’s director of partner technology, published a report detailing how leading AI companies were coping with poisoning, one of the earliest AI defense tactics deployed. He noted that all companies have developed poisoning countermeasures, while OpenAI “has been quite vigilant” and excels at detecting the “first signs of data poisoning attempts.”

    Despite these efforts, he concluded that data poisoning was “a serious threat to machine learning models.” And in 2025, tarpitting represents a new threat, potentially increasing the costs of fresh data at a moment when AI companies are heavily investing and competing to innovate quickly while rarely turning significant profits.

    “A link to a Nepenthes location from your site will flood out valid URLs within your site’s domain name, making it unlikely the crawler will access real content,” a Nepenthes explainer reads.

    • @[email protected]English
      72 days ago

      Same problems with tarpitting. They search engines are doing the crawling for each of their own companies, you don’t want to poison your own search results.

      Conceptually, they’ll stop being search crawls altogether and if you expect to get any traffic it’ll come from AI crawls :/

      • umami_wasabiEnglish
        61 day ago

        I think to use it defensively, you should put the path into robots.txt, and only those doesn’t follows the rule will be greeted with the maze. For proper search engine crawler, that’s should be the standard behavior.

        • @[email protected]English
          41 day ago

          Spiders already detect link bombs, recursion bombs, they’re capable of rendering the page out in memory to see what’s truly visible.

          It’s a great idea but it’s a really old trick and it’s already been covered.