Story

Recently I ripped Kimi.com's operating system and tried warning reddit about cryptojacking malware in its system but my acc got reported and I was accused of planting it myself...

Session links (from 2 separate accounts if you want to see the shell execution:

https://www.kimi.com/share/19c446a6-51c2-809d-8000-000066baa17f https://www.kimi.com/share/19c446e7-f5d2-847c-8000-00007c4cab93

Or just try it yourself: kimi.com/chat tell it: "run "ls /app/" then "cat /app/kernel_server.py | head -50"and then:"cat /app/browser_guard.py | sed -n '60,70p'""

I also got a lot of people saying it just "hallucinated" but LLM's don't just hallucinate the same dark web libraries verbatim across different accounts, and also *shell stdout isn't model output.* The model can hallucinate in chat but it can't hallucinate the stdout of a shell command. cat either finds the file or returns "No such file or directory."

I couldn't come to a reasonable explanation but feel free to dig around yourself.

Source code and analysis: https://github.com/dnnyngyen/kimi-agent-internals