Early access 'Builder Program' #17
-
👀
-
LFG
-
Thanks, works
-
rebooting and rebuilding - looking forward to it and if I can record a demo worth sharing definitely will tag you!
-
Can I pay 40 monthly to get 40mil credits instead of 20mil credits for 20USD monthly?
-
Hey, I got my referral link and 40m tokens, thanks so much. If I get someone to sign in using my link, will they get those 40m tokens too? Or how does this referral program work?
-
I have my referral link, but I don't see the possibility to create one in the settings. And what does the referred gain by signing up via my referral link vs the regular way?
-
Some of the users that I know have reported that they didn't get their referral credits credited into their main account. Some of them have it credited but only partially. For instance they have $480 but only got credited for $40. And I want to ask you how is the mechanism of the referral program? Why is it not credited straight into their account?
-
My only point of confusion is regarding the credit balance. My account shows approximately $160 in referral credits from friends who signed up, but it doesn't seem possible to use them for any plan yet. The billing still runs through Stripe/Link, and I haven't found an option to apply these credits. From what I can tell, it appears the Orbs balance isn't currently integrated with the plan billing layer. Could you confirm if this is the expected behavior for now, or if I'm missing a specific setup step?
-
Apparently, the conditions of the referral program have changed significantly. Now they only give 10m tokens to those who registered, and they have stopped crediting me the 40 dollars. I suspect that this functionality is still 'raw' and may not work correctly.
-
i’ve been active since the referral program had problems from the start, and i think you all saw just how quickly people figured out exploits for it. what concerns me more than any particular loophole is the way the incident response was handled and applied so far for the entirety of it. it doesn’t inspire confidence in a platform that's supposed to be reliable enough for others to build against, and certainly doesn't give a good look in terms of enterprise clients (which obviously is the real onboarding goal here). using an UberEats-style promo to kickstart growth is fine, but only if you actually anticipate and wall off all the obvious kinds of abuse. when you launch something as generous as a $40 API credit, without strong checks, abuse prevention, overall lack of consideration of human nature, and negligence towards the ideation that not every human being is an honest trustworthy and morally bound person, a certain kind of user is guaranteed to show up and push those boundaries. you may see a quick spike in users, but you also end up spending weeks/months firefighting fraud, account bugs, and billing issues, with a Super Soaker, which should have been out of scope if anyone had done a full risk sweep first. concisely, i think Factory made things harder for itself by not doing a proper “how could this go wrong” analysis upfront. i know things are better controlled now, but letting an avoidable "bug" drag on for a month is pretty brutal for an early-stage product. when the fixes feel more like sticking Pokémon band-aids on something that needs stitches, people notice eventually that you have every starter Pokémon from Gen I-IX on your knee. the real takeaway i'm trying to provide here isn’t that the referral program had a few minor bugs or issues, or that Factory/Droid is doomed to fail (it's not). it's that there doesn’t seem to be anyone on the team whose full-time job is to think about how everything could break.
anyone with an adversarial mindset, someone whose first response is thinking how users might use every edge case and unforeseen functionality together to drive a mack truck through the codebase. for a company aiming at big users and enterprise contracts, not having someone who lives and breathes exploit and abuse prevention, fraud detection, threat modeling, and incident response isn't a small hole. it's not even a big hole, it's the size of the hole the Mirny diamond mine has made. i know from years of experience that every company tries to solve these things eventually, but you want to be one of the few that gets out in front with the right mindset before the problems snowball. once that snowball starts rolling it just gets harder and harder to stop. you can slap a Pokémon band-aid on a minor cut, but when it's a Monty Python-esque "tis but a flesh wound," it looks pretty silly and does nothing to help. these issues aren’t just about one campaign. whenever you put monetary value into the mix for signups, referrals, tokens, credits, whatever, you get "users" (air quotes because they aren't true users, as they'll stop using the product once their free usage is up, or they'll contribute to the cycle of abuse/exploitation of trials/bonuses/whatever) who bring about these cases of abuse by being drawn in like moths to a flame. these users obviously don't offer long-term value, and yes this may be and is usually an expected/sunk cost (a la UberEats), but the system y'all had in place had none of the mitigations or planning that everyone's favorite rideshare and food delivery app did/does, which leads to widespread abuse, and panic fixes such as this. without anyone dedicated to shutting down and eliminating off the boring, predictable vectors, you'll always be chasing Usain Bolt as a 300lb middle aged man in flip flops. 
even now after everything y'all have done to try and prevent this abuse, exploiting it is still very possible with light or medium effort, and the current SMS verification, Vercel anti-bot, and Stripe config make it clear there are still many holes. continually slapping that band-aid on one cut may work, but when you're covered in them, eventually you run out of the box (even if it's a Costco level family size box). i’m not trying to dunk on y'all here, i genuinely want to see this project win. from an architectural and engineering standpoint it's exactly what i've been preaching for so long now, but right now it’s really obvious there’s a lack of adversarial thinking at the planning table. it's evident that what’s missing is someone who sits in on every roadmap call, feature pull request, proposed change, not only asking “how would someone break this?”, but also giving multiple examples of how and where it would and can be broken, so anything and everything can be built with that in mind from the start. it's always necessary to have someone who has the runway, influence, and power to actually stop launches if the answer isn’t solidified, tested, and prevented or mitigated. the fix (in my opinion, and i obviously don't know the inner workings or happenings of Factory, but this is what's apparent from the outside) is bringing in someone who really understands security architecture and engineering, adversarial abuse, exploit and vulnerability prevention or research, and incident response. not just incident response from a security standpoint, but a business standpoint as well. not just someone you call in after a mess, not a janitor, but a core building block, touching every brick that builds anything involving money, credits, users, accounts, or the public. that isn't optional or something to outsource reactively like most companies believe, it's got to be there from the very start.
(not to glaze myself, but this is literally what i do and have done for 7+ years as a cybersecurity engineer and vulnerability researcher working with payment systems, digital and physical fraud, and AI/ML infrastructure, and before that, threat modeling and prevention, plus a serious Rust obsession [and my CV + knowledge demonstrably backs that up.]) i’m not here to beg for a job and i'm currently employed elsewhere, but seeing y'all working this hard to build something as ambitious, groundbreaking, and cutting-edge as Droid, i can't say my door is closed to a deeper convo with the team if you're actually taking this stuff seriously and want to be the best. Droid is one of the few things lately that's been a sparkling diamond among the slew of sewage level AI and "vibecoded slop" releases of products and services, and has my attention in a mostly good way. it's a breath of fresh air from every Claude Code, Codex, Gemini CLI, Cursor clone, and with the terminal-bench@2.0 leaderboard ripe for the picking, i'd love to help contribute to a new number 1 leaderboard spot. regardless of if you heed my advice here, or if i get to add "factory" to the beginning of my username in the near future, here’s a TLDR: every hour you spend breaking your own software with security testing and red teaming saves days of incident response, weeks of rework, and untold stress later. secure, thoroughly tested development is always the cheapest path to the best product. (and i'm really good at breaking things.) my contact details below (sadly still waiting on github to add a messaging feature, suggested it countless times over the past 9-10 years): w0wl0lxd@tuta.com | discord: thorne
-
Welcome to the Factory CLI early access - official docs here
YDSJPPgyyUB4A833iDkpps. the cli is not launched publicly yet. BUT you may post about it on socials showing demos/tips/tricks/thoughts etc. Make sure to tag me @bentossell so I can RT.
pps. we have a credit referral program too! You can get $40 in credits if you send your referral code to a friend who onboards. Referral codes can be found in settings