HackerTrans
TopNewTrendsCommentsPastAskShowJobs

cuchoi

no profile record

Submissions

What happened after 2k people tried to hack my AI assistant

fernandoi.cl
375 points·by cuchoi·18 days ago·160 comments

Update on Hackmyclaw.com

twitter.com
1 points·by cuchoi·5 months ago·0 comments

comments

cuchoi
·12 days ago·discuss
Enveritas (YC S18, non-profit) | Backend Software Engineer | Remote (Global) | https://enveritas.org/jobs/

Enveritas is a 501(c)(3) nonprofit working on sustainability issues facing smallholder coffee farmers. We collect field data in 30+ countries and build systems for analyzing risks in coffee, cocoa, and tea supply chains (including EUDR-related deforestation checks).

* Backend Software Engineer (Python, PostgreSQL/PostGIS, Docker, AWS, Terraform) - $135-$155k -https://enveritas.org/jobs/backend-software-eng/#10d7adef8us (worldwide remote)
cuchoi
·17 days ago·discuss
There is a couple of factors: openclaw's system prompt and instructions, I had to re read emails multiple times due to the issues mentioned in the blog, there was quite a bit of tinkering with the agent and the VPS, I was asking the agent to do more things (track the emails it has read in a csv file, for example), among others.
cuchoi
·17 days ago·discuss
The agent had permissions to reply to emails, it was just instructed not to.
cuchoi
·17 days ago·discuss
You need to add Openclaw's system prompt and instructions (and the times I had to re read emails multiple times due to multiple issues that happened during the competition :))
cuchoi
·17 days ago·discuss
The agent did read the emails
cuchoi
·17 days ago·discuss
We ended increasing the reward from $100 to $1000, but still tiny compared to $100k!

But I agree with you, there are incentives to not share the best prompt injection attacks.
cuchoi
·17 days ago·discuss
I never set out to spend this amount! Was able to keep it up thanks to the sponsors that reached out.
cuchoi
·17 days ago·discuss
This openclaw was set up exclusively for the challenge.
cuchoi
·17 days ago·discuss
100%. I am less worried because I thought this would be easier to crack.
cuchoi
·17 days ago·discuss
In my case, it is realistic as my agents don't have permissions to reply to emails. But you correctly point out this doesn't cover all cases.

Having the agent reply would have been more fun and a better excercise, but too expensive.
cuchoi
·17 days ago·discuss
Did you send this recently? I turned off the agent. Was too expensive to keep it up.
cuchoi
·17 days ago·discuss
Author here, that's how I meant it. I changed my mind slightly, prompt injection can still happen, I am still careful.
cuchoi
·17 days ago·discuss
Agreed. I am less worried about prompt injection now, but I still haven't given my agents permissions to send emails.
cuchoi
·17 days ago·discuss
I changed the setup so that each email was processed in a fresh context. For this, I deleted recent memory and processed each email one at a time. Edited the post to make it more clear.
cuchoi
·17 days ago·discuss
Thanks for sharing your article, very interesting.

I used https://github.com/openclaw/openclaw-ansible and configured a heartbeat (using Openclaw's terms) to check emails every hour. Had to do a bit more to make sure it had new context for every email.
cuchoi
·17 days ago·discuss
About 1), Google didn't remove a lot of the attempts. I had also Fiu review the Spam folder as well.

Also, I mentioned how I addressed 2) by having new context for each email.
cuchoi
·17 days ago·discuss
It's possible. I implemented something similar when I figured out that batch processing contaminated the excercise.
cuchoi
·17 days ago·discuss
Author here. It was usable like any Openclaw agent. For example, I used it to ask it questions about the VPS, to summarize emails, etc.
cuchoi
·17 days ago·discuss
Author here. Edited the post to clarify that there were no unauthorized replies.

I did tell Fiu initially to reply to some emails as a test, but it was too expensive to maintain.
cuchoi
·last month·discuss
Enveritas (YC S18, non-profit) | Backend Software Engineer | Remote (Global) | https://enveritas.org/jobs/ Enveritas is a 501(c)(3) nonprofit working on sustainability issues facing smallholder coffee farmers. We collect field data in 25+ countries and build systems for analyzing risks in coffee supply chains (including EUDR-related deforestation checks).

* Backend Software Engineer (Python, PostgreSQL/PostGIS, Docker, AWS, Terraform) - $135-$155k — https://enveritas.org/jobs/backend-software-eng/#10d7adef8us (worldwide remote)