• itscybernews
  • Posts
  • You can now fork a free AI that hunts jobs, tailors your CV, and drills you for interviews while you sleep. One employer posted a single job ad — and got 400 applicants in 12 hours, an impostor, and a scam.

You can now fork a free AI that hunts jobs, tailors your CV, and drills you for interviews while you sleep. One employer posted a single job ad — and got 400 applicants in 12 hours, an impostor, and a scam.

A job-hunting agent is trending on GitHub — free, honest, and remarkably good. Meanwhile, recruiters have named fake AI candidates the #1 hiring threat of 2026. Here's the marvel, and the trapdoor.

In partnership with

Job hunting is one of the worst chores adulthood has to offer.

Every application wants the same story retold in a slightly different shape: reorder the CV, rewrite the cover letter, mirror the job ad’s keywords, sound enthusiastic for the 44th time this month. Most people burn out long before the market does.

As of this month, there’s a machine for that — and it’s free, open-source, and near the top of GitHub’s trending charts.

It’s called ai-job-search, built by a Danish developer named Mads Lorentzen, and the pitch fits in one sentence: fork the repo, feed it your career, and let an AI agent do the drudgery. Thousands of people have starred it, and a couple of thousand have already forked their own copy.

It’s one of the cleverest uses of an AI agent we’ve covered. And — you know the drill by now — it arrives wearing a trapdoor. Two, actually. One for job seekers. One for everyone doing the hiring.

Marvel first. As always.

🤖 The wonderful part: a full-time job hunter that works for free

Here’s what the machine actually does, straight from its own documentation — no embellishment needed, because the real thing is impressive enough.

You clone the repo and run three commands inside Claude Code (an AI coding agent that lives in your terminal):

  • /setup reads a folder of your real documents — your CV, your LinkedIn export, diplomas, reference letters, even old applications — and builds a structured profile of your actual career. Or it just interviews you.

  • /scrape searches job portals for openings, deduplicates them, and presents them ranked by how well they fit you — not by how recently they were posted.

  • /apply is where it gets remarkable. The agent scores the job against your profile, drafts a tailored CV and cover letter, and then — this is the clever bit — spawns a second AI agent with fresh eyes that researches the company and critiques the first agent’s draft. The drafter revises. Then the system compiles the documents to PDF and literally looks at the pages, iterating until the CV is exactly two clean pages and the cover letter is exactly one.

It even runs your CV through the same kind of text-extraction that corporate applicant tracking systems use — so you know what the robot on the other side will see — and scores your keyword coverage. An /upskill command compares your profile against the jobs you want and produces a prioritized list of skills to learn, with study resources. There’s interview prep. There’s optional salary benchmarking.

And buried in the README is the line that makes the whole thing honorable: ”The system never fabricates skills or experience.” It tailors the truth. It does not invent a better candidate.

This isn’t fringe behavior anymore. Roughly 65% of job seekers now use AI tools somewhere in their applications, according to reporting by CNBC — because applying is exhausting, and because employers started using AI to screen applications first. An agent that gives one tired human back their evenings, while refusing to lie on their behalf? That’s the good version of this technology.

Which brings us to the other side of the desk — where the good version has some very bad siblings.

🕳️ The catch: 400 applicants in 12 hours, and the candidate who didn’t know the weather

In January, Andrew Losowsky — a product director at the nonprofit newsroom The Markup — wrote up what happened when his team posted a single opening for a remote engineer.

Within 12 hours, they had more than 400 applications. Reading them, the seams started to show:

  • Different “candidates” sharing the same phone numbers and email addresses. Two entirely different résumés submitted under the same name and address.

  • Answers to “Why do you want to work with us?” following a near-identical four-sentence template — a paraphrase of the company’s About page stitched to a paraphrase of the job ad. A few applications even included the words ”ChatGPT says”, left in by accident.

  • Résumés where the claimed work history didn’t match the stated employer but matched the job description almost perfectly. One applicant claimed to have built The Markup’s own website and tools. He hadn’t.

  • And then the interview. One candidate — whose named references actually checked out — said he lived in Morrisville, North Carolina, and that the weather was “cold all the time, it feels freezing today.” It was 82 degrees in Morrisville that day. A screenshot sent to a former colleague came back with: that is “definitely not the same person” they’d hired.

The industry numbers say this wasn’t bad luck. Fraudulent and AI-assisted fake candidates now rank as the #1 anticipated hiring threat of 2026 in talent-acquisition survey data — ahead of talent shortage itself. Deepfake-based fraud attempts in hiring jumped 1,300% between 2023 and 2024. Applications have been growing roughly four times faster than job openings. Companies like Cisco and McKinsey are reportedly bringing back in-person interviews — the most analog fix imaginable, because a handshake is currently harder to fake than a face.

And one more twist, for everyone on the seeker side: scammers took the newsroom’s real job ad, built a lookalike email address, sent applicants official-looking “technical tests” wearing the company’s logo, then a fake contract signed by a fake CEO — and finally asked for banking details “to set up payment.” The job was real. The recruiter was not.

There’s a quieter trapdoor in the fork-your-own-job-hunter pattern too, and it’s worth naming even though it isn’t the tool’s fault. The repo works by you filling it with your entire professional life — CV, diplomas, reference letters, a behavioral profile, your writing style. GitHub forks of public repositories are public. Push your real documents to a public fork and you’ve published a permanent, indexed dossier on yourself — everything an identity thief, or a scam recruiter, could want. (The project’s own templates ship with placeholder tokens precisely so the framework is safe to share. Your filled-in copy is not.)

How owning AI deployment expands your career

Across product, ops, and CX teams, a new kind of role is taking shape: the person responsible for making AI actually work, day to day.

On July 16, three people living this shift join a live roundtable: Simone Santiago Broad (Yoco), Yelva Espinoza (Zumba Fitness), and Fin's Dave Lynch. You'll hear what the job really looks like across industries, how they carved out these roles, the skills they'd hire for, and the challenges they're tackling now. Bring your questions, since the best moments happen live.

Register for the roundtable to save your spot.

🛡️ The good news: the honest version wins on its own merits

The defenses on both sides of the desk are mostly discipline, not wizardry.

  • Truth-tailoring beats fabrication — even on cold, selfish grounds. The fakes in The Markup’s pile were caught by pattern, not polygraph: template answers, impossible work histories, recycled contact details. A tool that reshuffles your real experience produces none of those tells. The honest version doesn’t just feel better; it survives screening better.

  • Employers are re-learning verification. In-person rounds are returning at major firms. Live interviews now come with liveness questions — the local-weather test is free and devastating. The fix for synthetic candidates is the oldest one in security: verify the human, not the paperwork.

  • The scam has a fixed signature. A real employer will never ask for your banking details, ID scans, or an upfront “equipment fee” during the application process. Payment setup happens after you’re hired, through payroll, on the company’s real domain.

  • The privacy fix takes five minutes. If you use a fork-your-own-agent tool: don’t fork — clone it into a fresh private repository instead, and keep your documents folder out of version control entirely. Same superpowers, zero public dossier.

✅ What to actually do

If you’re job hunting (or about to be):

  1. Let AI tailor, never invent. Use tools that reshape your real record. If a tool offers to “fill gaps” in your experience, close it — fabricated candidates are now the #1 thing screeners hunt for.

  2. Keep your dossier private. Put your copy of any job-agent repo in a private repository, and keep real documents out of any public fork. Your career file is identity-theft gold.

  3. Read everything before it ships. Your name is on that cover letter, not the agent’s. One human read-through per application is the whole cost of dignity.

  4. Treat recruiters like unverified links. Check the sender’s domain against the company’s real one. No legitimate employer requests banking details, government ID, or fees during interviews.

If you’re hiring:

  1. Verify the human, not the CV. Add one live, unscripted, local-reality question to every remote interview (“what’s the weather like today?” costs nothing). For final rounds, consider in-person or verified-identity video.

  2. Cross-reference the pile. Duplicate phone numbers, emails, and mailing addresses across “different” candidates are the cheapest fraud signal you’ll ever get. So are work histories that match your job ad better than they match the claimed employer.

  3. Guard your own job ads. Scammers reuse real postings to phish applicants under your logo. State in every ad exactly which domain you’ll contact candidates from.

The takeaway

Picture the good version once more. A tired, talented person comes home, and instead of spending the evening re-typing their life into a seventh web form, an agent has already found the three openings worth their time, reshaped their real experience to fit, and queued up interview practice — without inventing a single line. The drudgery dies; the truth survives. That’s not a rendering — it’s free on GitHub right now.

But the same cheap magic that gives one honest person their evenings back gave one newsroom 400 applications in 12 hours, an impostor wearing a real person’s references, and a scammer wearing their logo. The fix isn’t to un-invent the agent. It’s discipline on both sides of the desk: tailor but never fabricate, keep your dossier off the public internet, verify the human rather than the paperwork, and treat every unexpected “recruiter” like the unverified link it is.

A machine that hunts jobs while you sleep is a gift. A hiring process nobody can quietly lie to — in either direction — is the harder, more important thing to build.

Reply and tell us: would you let an AI apply to jobs for you — yes, no, or “only if I read every word first”? Best answers get featured next week.

— itscybernews · written by a human, edited by an agent who reads every word first ·