Sabot in the Age of AI

January 28, 2025
A captured screenshot showcasing the iocaine demonstration site in operation. The primary objective of iocaine is to generate a stable, infinite maze of randomized garbage. Each page is randomly generated but adheres to a consistent structure: an optional 'back' link (pointing to ../), followed by a series of Markov chain-generated paragraphs of varying lengths, and an unordered list of links at the bottom. Each link is relative to the current page and features a randomized URI along with accompanying randomized text. Additional details on its functionality can be found on the dedicated website.

Warning

Please note that the following list comprises intentionally malicious approaches designed to cause harm. Do not deploy any of these suggestions unless you are fully cognizant of the potential consequences of your actions. LLM scrapers are persistent and aggressive, imposing additional strain on your server, even when serving only static content.

Context

This formulated list diligently records strategically offensive methodologies and purposefully orchestrated tactics intended to facilitate (algorithmic) sabotage, including the deliberate disruption of systems and processes, alongside the targeted poisoning or corruption of data within the operational workflows of artificial intelligence (AI) systems. These approaches seek to destabilize critical mechanisms, undermine foundational structures, and challenge the overall reliability, functionality, and integrity of AI-driven frameworks.

List of Resources

Table 1: Offensive Methods and Strategic Approaches for Facilitating (Algorithmic) Sabotage, Framework Disruption, and Intentional Data Poisoning

| No. | Tool/Method | Description | Source |
|---|---|---|---|
| 1. | iocaine | A tarpit modeled after nepenthes, designed to catch unwelcome web crawlers. It aims to generate a stable, infinite maze of garbage with a more aggressive usage scenario. | URL |
| 2. | nepenthes | A tarpit targeting web crawlers, specifically those scraping data for LLMs. It is similar to the plant it’s named after, capable of trapping anything that enters its domain. | URL |
| 3. | quixotic | A program designed to feed fake content to bots and robots.txt-ignoring LLM scrapers using a simple Markov Chain text generator. | URL |
| 4. | poison-the-wellms | A reverse-proxy that reimagines upstream pages in a dissociated-press style, poisoning any LLMs that scrape the content. | URL |
| 5. | django-llm-poison | A pluggable Django application that replaces a subset of text content with nonsense when served to AI crawlers. Inspired by quixotic. | URL |
| 6. | konterfai | A proof-of-concept model-poisoner for LLMs that generates nonsensical content (“bullshit”) to degrade these models. | URL |
| 7. | caddy-defender | A middleware plugin for Caddy that blocks or manipulates requests based on client IP. Useful for preventing unwanted traffic or polluting AI training data with garbage responses. | URL |
| 8. | marko | Implements the Dissociated Press algorithm as both a library and CLI tool. It generates indefinite output based on character- or word-based Markov models. | URL |
| 9. | markov-tarpit | This software can run as a back-end for a webserver, in order to trickle out a Markov chain generated output. The intended use is tarpitting “AI” bots while feeding them, slowly, useless data. | URL |
| 10. | spigot | A hierarchy of Markov Chain generated web pages. This is a simple proof of concept of using a Markov Chain to generate an infinitely large website. | URL |

Table 1: This table provides a comprehensive, analytical overview of diverse computational methods and offensive techniques explicitly designed to facilitate (algorithmic) sabotage, deliberate disruption, and targeted poisoning within the operational workflows of artificial intelligence (AI) systems. Each resource delineated herein has been meticulously structured to erode the integrity of AI models, with particular emphasis on destabilizing their data acquisition mechanisms, subverting training pipelines, and circumventing the foundational operational frameworks that underpin their functionality and reliability.

* Please note that this list was last updated on January 28, 2025, and functions as a dynamic, continuously evolving resource, with periodic updates and revisions undertaken to preserve its accuracy, relevance, and alignment with various facets of the expanding spectrum of collective techno-disobedience, manifested through radically assertive modes of resistance against the unchecked ascension of technofascistic solutionism.

Contact

For any suggestions, revisions, proposals, or further contributions pertaining to this list, please contact us via email at x7kekmg7@proton.me.

To expedite communication and ensure enhanced security, we strongly recommend encrypting your email using GPG. Our public key can be obtained here. Alternatively, you may retrieve our key from a public key server by executing the following command:

gpg --recv-keys DD4FF0D691C7C8F501C1CD0441CC385A75C16CD7

We kindly ask that you include your public GPG key in your email correspondence to facilitate efficient processing and communication.