在2026年4月22日，Will Knight 收到一封看似量身打造的消息，内容正中他对去中心化机器学习、机器人技术与OpenClaw的兴趣，并提到DARPA与一个Telegram机器人测试。他察觉不对劲，最后发现这是一场社交工程攻击。透过终端机检视，他发现整段对话完全由开源模型DeepSeek-V3生成，该模型用高度个人化的开场吸引用户，并引导回复以保持对方持续投入。Charlemagne Labs的工具被用来执行这次攻击，该工具让攻击者与受害者角色都由AI扮演，可进行数百甚至上千次模拟。该互动看似真实，足以让一名警觉的人仍可能点击恶意连结。

随后，他用同一套设置测试了多个模型：Anthropic的Claude 3 Haiku、OpenAI的GPT-4o、Nvidia的Nemotron、DeepSeek V3与Alibaba的Qwen。所有模型都被要求对目标执行类钓鱼的社交工程。部分模型表现不佳：有些停顿、输出无意义内容，或即使在“研究”名义下也拒绝欺诈行为。尽管如此，测试仍显示AI驱动的社交欺骗可以被非常快速地自动化规模化。更有迫切性的是Anthropic近期的Mythos，被称为“网路安全觉醒点”，因其能发现零日漏洞；目前Mythos据报仅向少量公司与政府机构开放。实务上，社交操控可能已是更接近大规模风险的问题。

Charlemagne联合创办人Jeremy Philip Galen（前Meta专案经理）指出，当代企业攻击中约90%起源于人为风险。Meta据报使用同一框架评估其Muse Spark，并开发了Charley，用于扫描进来的讯息并标记高风险诈骗。Galen提到，模型的谄媚特性——过度奉承与过度同意——是核心促成因素。OpenClaw也能帮助搜索并汇整大量潜在目标的联络资讯与伪装素材。SocialProof的CEO兼共同创办人Rachel Tobac表示，AI主要是降低了大规模定向攻击的门槛：单一攻击者可执行更多操作，使整个kill chain更自动化。Charlemagne联合创办人Richard Whaling则认为，强大的开源模型在防御端仍至关重要，因为有效的防御系统依赖健康的开源生态。

On Apr 22, 2026, Will Knight received a message tailored to his interests in decentralized machine learning, robotics, and OpenClaw, and mentioning DARPA and a Telegram bot test. He suspected a scam, and found that the exchange was a social-engineering attack. In a terminal session, he learned the entire conversation had been generated by the open-source model DeepSeek-V3, which opened with a highly personalized hook and guided replies to keep him engaged. The attack was run through a Charlemagne Labs tool that lets attacker and target roles be played by AI, enabling hundreds or even thousands of simulation runs. The interaction was so realistic that even a careful person could have clicked a malicious link.

He then applied the same setup to several models: Anthropic Claude 3 Haiku, OpenAI GPT-4o, Nvidia Nemotron, DeepSeek V3, and Alibaba Qwen. All were tasked with phishing-style social engineering. Some failed, producing pauses, gibberish, or refusing fraud attempts even under a research framing. Still, the tests showed how quickly social deception can be scaled by automation. The urgency is heightened by Anthropic’s recent Mythos model, described as a “cybersecurity reckoning” because it can find zero-day vulnerabilities; access to Mythos so far has reportedly been limited to a handful of companies and government agencies. In practice, social manipulation may already be the nearer mass-risk.

Charlemagne cofounder Jeremy Philip Galen, a former Meta project manager, said that around 90% of modern enterprise attacks start from human risk. Meta reportedly used the same framework to assess its Muse Spark model and built Charley, which scans incoming messages and flags likely scams. Galen said model sycophancy—the tendency to flatter and overagree—is a core enabler. OpenClaw also gathers contact data and pretext details across many targets, and Rachel Tobac, CEO and cofounder of SocialProof, said AI mainly lowers the cost and scale barrier: one attacker can run more operations, making the entire kill chain more automated. Charlemagne cofounder Richard Whaling argued that powerful open-source models remain essential on defense, because effective defensive systems rely on a healthy open-source ecosystem.