HackerTrans
TopNewTrendsCommentsPastAskShowJobs

cuchoi

no profile record

Submissions

What happened after 2k people tried to hack my AI assistant

fernandoi.cl
375 points·by cuchoi·hace 18 días·160 comments

Update on Hackmyclaw.com

twitter.com
1 points·by cuchoi·hace 5 meses·0 comments

comments

cuchoi
·hace 12 días·discuss
Enveritas (YC S18, non-profit) | Backend Software Engineer | Remote (Global) | https://enveritas.org/jobs/

Enveritas is a 501(c)(3) nonprofit working on sustainability issues facing smallholder coffee farmers. We collect field data in 30+ countries and build systems for analyzing risks in coffee, cocoa, and tea supply chains (including EUDR-related deforestation checks).

* Backend Software Engineer (Python, PostgreSQL/PostGIS, Docker, AWS, Terraform) - $135-$155k -https://enveritas.org/jobs/backend-software-eng/#10d7adef8us (worldwide remote)
cuchoi
·hace 17 días·discuss
There is a couple of factors: openclaw's system prompt and instructions, I had to re read emails multiple times due to the issues mentioned in the blog, there was quite a bit of tinkering with the agent and the VPS, I was asking the agent to do more things (track the emails it has read in a csv file, for example), among others.
cuchoi
·hace 17 días·discuss
The agent had permissions to reply to emails, it was just instructed not to.
cuchoi
·hace 17 días·discuss
You need to add Openclaw's system prompt and instructions (and the times I had to re read emails multiple times due to multiple issues that happened during the competition :))
cuchoi
·hace 17 días·discuss
The agent did read the emails
cuchoi
·hace 17 días·discuss
We ended increasing the reward from $100 to $1000, but still tiny compared to $100k!

But I agree with you, there are incentives to not share the best prompt injection attacks.
cuchoi
·hace 17 días·discuss
I never set out to spend this amount! Was able to keep it up thanks to the sponsors that reached out.
cuchoi
·hace 17 días·discuss
This openclaw was set up exclusively for the challenge.
cuchoi
·hace 17 días·discuss
100%. I am less worried because I thought this would be easier to crack.
cuchoi
·hace 17 días·discuss
In my case, it is realistic as my agents don't have permissions to reply to emails. But you correctly point out this doesn't cover all cases.

Having the agent reply would have been more fun and a better excercise, but too expensive.
cuchoi
·hace 17 días·discuss
Did you send this recently? I turned off the agent. Was too expensive to keep it up.
cuchoi
·hace 17 días·discuss
Author here, that's how I meant it. I changed my mind slightly, prompt injection can still happen, I am still careful.
cuchoi
·hace 17 días·discuss
Agreed. I am less worried about prompt injection now, but I still haven't given my agents permissions to send emails.
cuchoi
·hace 17 días·discuss
I changed the setup so that each email was processed in a fresh context. For this, I deleted recent memory and processed each email one at a time. Edited the post to make it more clear.
cuchoi
·hace 17 días·discuss
Thanks for sharing your article, very interesting.

I used https://github.com/openclaw/openclaw-ansible and configured a heartbeat (using Openclaw's terms) to check emails every hour. Had to do a bit more to make sure it had new context for every email.
cuchoi
·hace 17 días·discuss
About 1), Google didn't remove a lot of the attempts. I had also Fiu review the Spam folder as well.

Also, I mentioned how I addressed 2) by having new context for each email.
cuchoi
·hace 17 días·discuss
It's possible. I implemented something similar when I figured out that batch processing contaminated the excercise.
cuchoi
·hace 17 días·discuss
Author here. It was usable like any Openclaw agent. For example, I used it to ask it questions about the VPS, to summarize emails, etc.
cuchoi
·hace 17 días·discuss
Author here. Edited the post to clarify that there were no unauthorized replies.

I did tell Fiu initially to reply to some emails as a test, but it was too expensive to maintain.
cuchoi
·el mes pasado·discuss
Enveritas (YC S18, non-profit) | Backend Software Engineer | Remote (Global) | https://enveritas.org/jobs/ Enveritas is a 501(c)(3) nonprofit working on sustainability issues facing smallholder coffee farmers. We collect field data in 25+ countries and build systems for analyzing risks in coffee supply chains (including EUDR-related deforestation checks).

* Backend Software Engineer (Python, PostgreSQL/PostGIS, Docker, AWS, Terraform) - $135-$155k — https://enveritas.org/jobs/backend-software-eng/#10d7adef8us (worldwide remote)