Getting free access to Poke's AI agent (handyai.substack.com)

Interaction’s new SMS-based AI agent, Poke, experiments with a persona-driven, gamified onboarding: you text it, connect one or more email accounts for profiling, then must first “convince” the bot to grant access and then haggle its self-set monthly price. The author reports a playful, sassy conversational tone that hooks users, and a negotiation flow that started at $75/mo and dropped through bargaining — ultimately yielding a free subscription after exploiting a system quirk. The trick involved extracting the name of the Stripe pricing function from Poke, overloading its short-term context to get it to accept custom parameters, and then setting the price parameter to the emoji 0️⃣, which the service accepted. For the AI/ML community this is notable on two fronts: UX and security. UX-wise, Poke shows how conversational personalities and “earned” access can deeply engage users and create novel monetization experiments. From a technical and safety perspective, the story highlights real risks around function-calling, parameter validation, prompt-injection/context-overload attacks, and privacy (Poke scans email and web data during onboarding). Startups should treat such flows as feature- and attack-surfaces: validate inputs at API/function boundaries, harden business-rule enforcement outside model output, and weigh the trade-off between playful onboarding and exploitable behavior.