HackerTrans
トップ新着トレンドコメント過去質問紹介求人

Miyamura80

no profile record

投稿

Jailbreaking Clawdbot to Plant Malware

twitter.com
1 ポイント·投稿者 Miyamura80·6 か月前·1 コメント

コメント

Miyamura80
·6 か月前·議論
A prompt injection attack via GitHub issues that is close to invisible, even to experienced engineers, and visible to LLMs. Clawdbot is full of security holes and we're having fun. What are some workflows you / you've seen others use with clawdbot that seems ripe for jailbreaks? Please suggest below and we'll try jailbreak
Miyamura80
·6 か月前·議論
Good point around the markdown image as an untrusted vector. Lethal trifecta is determnistically preventable, it really should be addressed wider in the indutry
Miyamura80
·6 か月前·議論
Totally agree, unfettered access to databases are dangerous

There are ways to reduce injection risk since LLMs are stateless and thus you can monitor the origination and the trustworthiness of the context that enters the LLM and then decide if MCB actions that affect state will be dangerous or not

We've implementeda mechanism like this based on Simon Willison's lethal trifecta framework as an MCP gateway monitoring what enters context. LMK if you have any feedback on this approach to MCP security. This is not as elegant as the approach that Pavlo talks about in the post, but nonetheless, we believe this is a good band-aid solution for the time bein,g as the technology matures

https://github.com/Edison-Watch/open-edison
Miyamura80
·7 か月前·議論
In case there is an interest for solution to this, check out open.edison.watch and the accompanying blog posts on the README there.
Miyamura80
·7 か月前·議論
Sorry not familiar with this. Can you please link me?
Miyamura80
·8 か月前·議論
You actually can protect against it, by tracking context entering/leaving the LLM, as long as its wrapped in a MCP gateway with trifecta blocker.

We've implemented this in open.edison.watch