The Four Horsemen of the LLM Apocalypse - anarcat
I have been battling Large Language Models (LLM[1]) for the past couple of weeks and have struggled to think about what it means and how to deal with its fallout.
Because the fight has come from many fronts, I've come to articulate this in terms of the Four Horsemen of the Apocalypse.
Sound track: Metallica's The Four Horsemen, preferably downloaded from Napster around 2000, but now I guess you get it on YouTube.
War: bot armies
Let's start with War. We've been battling bot armies for control of our GitLab server for a while. Bots crawl virtually infinite endpoints on our Git repositories (as opposed to downloading an archive or shallow clone), including our fork of Firefox, Tor Browser, a massive repository.
At first, we tried various methods: robots.txt, blocking user agents, and finally blocking entire networks. I wrote asncounter. It worked for a while.
But now, blocking entire networks doesn't work: they come back some other way, typically through shady proxy networks, which is kind of ironic considering we're essentially running the largest proxy network of the world.
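The per-network counting that comes before a network block, as an added example (this is not asncounter's code and not from the original post): it groups web-UI repository requests by network, so a crawl spread over many addresses that each make a single request still shows up as one entry. The fixed /24 and /48 buckets stand in for a real ASN lookup, and the GitLab-style route patterns and the log lines are assumptions constructed for the example.

```python
import ipaddress
import re
from collections import defaultdict

# Constructed sample access log (combined format, documentation address ranges).
SAMPLE_LOG = """\
203.0.113.5 - - [01/Jan/2026:00:00:01 +0000] "GET /group/repo/-/blame/main/a.c HTTP/1.1" 200 512 "-" "Mozilla/5.0"
203.0.113.77 - - [01/Jan/2026:00:00:02 +0000] "GET /group/repo/-/commit/aaa111 HTTP/1.1" 200 512 "-" "Mozilla/5.0"
203.0.113.140 - - [01/Jan/2026:00:00:03 +0000] "GET /group/repo/-/tree/bbb222/src HTTP/1.1" 200 512 "-" "Mozilla/5.0"
203.0.113.9 - - [01/Jan/2026:00:00:04 +0000] "GET /group/repo/-/blame/main/b.c HTTP/1.1" 200 512 "-" "Mozilla/5.0"
198.51.100.20 - - [01/Jan/2026:00:00:05 +0000] "GET /group/repo.git/info/refs?service=git-upload-pack HTTP/1.1" 200 300 "-" "git/2.43.0"
198.51.100.20 - - [01/Jan/2026:00:00:06 +0000] "POST /group/repo.git/git-upload-pack HTTP/1.1" 200 9000 "-" "git/2.43.0"
2001:db8:1:2::10 - - [01/Jan/2026:00:00:07 +0000] "GET /group/repo/-/commit/ccc333 HTTP/1.1" 200 512 "-" "Mozilla/5.0"
"""

LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]*\] "(\S+) (\S+) [^"]*"')
# Assumed GitLab-style web UI routes that render one page per ref/path pair.
BROWSE_RE = re.compile(r"/-/(?:blame|commit|tree|blob)/")

def network_of(addr):
    """Bucket an address into a fixed-size network (/24 for IPv4, /48 for IPv6)."""
    ip = ipaddress.ip_address(addr)
    prefix = 24 if ip.version == 4 else 48
    return str(ipaddress.ip_network(f"{addr}/{prefix}", strict=False))

def crawl_suspects(lines, min_distinct=3):
    """Return (network, hits, distinct_paths) for networks walking repo pages."""
    hits = defaultdict(int)
    paths = defaultdict(set)
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # skip malformed lines rather than guessing
        addr, _method, target = m.groups()
        path = target.split("?", 1)[0]
        if not BROWSE_RE.search(path):
            continue  # clones (git-upload-pack) and other traffic are ignored
        try:
            net = network_of(addr)
        except ValueError:
            continue  # client field was not an IP address
        hits[net] += 1
        paths[net].add(path)
    rows = [(n, hits[n], len(paths[n])) for n in hits if len(paths[n]) >= min_distinct]
    return sorted(rows, key=lambda r: (-r[2], r[0]))

if __name__ == "__main__":
    for row in crawl_suspects(SAMPLE_LOG.splitlines()):
        print(*row)
```

In the sample, no single address makes more than one page request, so a per-address rate limit sees nothing, while the per-network view reports four distinct repository pages from one /24. The git client that clones instead of browsing is not counted at all.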
Out of desperation, we've forced users to use cookies when visiting our site. We haven't deployed Anubis yet, as we worry that bots have broken Anubis anyways and that it does not really defend against a well-funded attacker, something which Pretix warned against in 2025 already.
(We have a whole discussion regarding those tools here.)
But even that, predictably, has failed. I suspect what we consider bots are now really agents. They run full web browsers, JavaScript included, so a feeble cookie is no match for the massive bot armies.
Side note on LLM "order of battle"
We often underestimate the size of that army. The cloud was huge even before LLMs, serving about two thirds of the web. Even larger swaths of clients like government and corporate databases have all moved to the cloud, in shared, but private infrastructure with massive spare capacity that is readily available to anyone who pays.
LLMs have made the problem worse by dramatically expanding the capacity of the "cloud". We now have data centers that defy imagination with millions of cores, petabytes of memory, exabytes of storage.
I thought that 25 gigabit residential internet in Switzerland could bring balance, but this is nothing compared to the scale of those data centers.
Those companies can launch thousands, if not millions of fully functional web browsers at our servers. Computing power or bandwidth are not a limitation for them, our primitive infrastructure is. No one but hyperscalers can deal with this kind of load, and I suspect that they are also struggling, as even Google is deploying extreme mechanisms in reCAPTCHA.
This is the largest attack on the internet since the Morris worm, but while Robert Tappan Morris went to jail on a felony, LLM companies are celebrated as innovators and will soon be too big to fail.[2]
Which brings us to the second horseman, famine.
Famine: shortages
All that computing power doesn't come out of thin air: it needs massive amounts of hardware, power, and cooling.
Earlier this year, I heard from a colleague that their Dell supplier refused to even provide a quote before August. Dell!
In February, Western Digital's hard drive production for 2026 was already sold out. Hard drives essentially doubled in price within a year, and some have now tripled. A server quote we had in November has now quadrupled, going from 10 thousand to FORTY thousand dollars for a single server.
But regular folks are facing real-life shortages as well, as city-size data centers are being built at neck-breaking speed, stealing fresh water and energy from human beings to feed the war machine.
We've been scared of losing our jobs, but it seems that Apocalypse has yet to fully materialize. Regardless, for engineers, the market feels tighter than it was a couple years ago, and everyone feels on edge that they will just have to learn to operate LLMs to keep their jobs.
Which brings us, of course, to Death.
Death: security and copyright
Our third horseman is one I did not expect a couple of months ago. Back at FOSDEM, curl's maintainer Daniel Stenberg famously complained about the poor quality of LLM-generated reports but then, a few months later, everyone is scrambling to deal with floods of good reports.
In the past two weeks, this culminated in a significant number of critical security issues across multiple projects. Chained together, remote code execution vulnerabilities in Nginx and Apache and two local privilege escalations in the Linux kernel (dirtyfrag and fragnesia) essentially gave anyone root access to any unpatched server to the web.
As I write this, another vulnerability dropped,...