HackerTrans
TopNewTrendsCommentsPastAskShowJobs

cuchoi

no profile record

Submissions

What happened after 2k people tried to hack my AI assistant

fernandoi.cl
375 points·by cuchoi·18 dagen geleden·160 comments

Update on Hackmyclaw.com

twitter.com
1 points·by cuchoi·5 maanden geleden·0 comments

comments

cuchoi
·12 dagen geleden·discuss
Enveritas (YC S18, non-profit) | Backend Software Engineer | Remote (Global) | https://enveritas.org/jobs/

Enveritas is a 501(c)(3) nonprofit working on sustainability issues facing smallholder coffee farmers. We collect field data in 30+ countries and build systems for analyzing risks in coffee, cocoa, and tea supply chains (including EUDR-related deforestation checks).

* Backend Software Engineer (Python, PostgreSQL/PostGIS, Docker, AWS, Terraform) - $135-$155k -https://enveritas.org/jobs/backend-software-eng/#10d7adef8us (worldwide remote)
cuchoi
·17 dagen geleden·discuss
There is a couple of factors: openclaw's system prompt and instructions, I had to re read emails multiple times due to the issues mentioned in the blog, there was quite a bit of tinkering with the agent and the VPS, I was asking the agent to do more things (track the emails it has read in a csv file, for example), among others.
cuchoi
·17 dagen geleden·discuss
The agent had permissions to reply to emails, it was just instructed not to.
cuchoi
·17 dagen geleden·discuss
You need to add Openclaw's system prompt and instructions (and the times I had to re read emails multiple times due to multiple issues that happened during the competition :))
cuchoi
·17 dagen geleden·discuss
The agent did read the emails
cuchoi
·17 dagen geleden·discuss
We ended increasing the reward from $100 to $1000, but still tiny compared to $100k!

But I agree with you, there are incentives to not share the best prompt injection attacks.
cuchoi
·18 dagen geleden·discuss
I never set out to spend this amount! Was able to keep it up thanks to the sponsors that reached out.
cuchoi
·18 dagen geleden·discuss
This openclaw was set up exclusively for the challenge.
cuchoi
·18 dagen geleden·discuss
100%. I am less worried because I thought this would be easier to crack.
cuchoi
·18 dagen geleden·discuss
In my case, it is realistic as my agents don't have permissions to reply to emails. But you correctly point out this doesn't cover all cases.

Having the agent reply would have been more fun and a better excercise, but too expensive.
cuchoi
·18 dagen geleden·discuss
Did you send this recently? I turned off the agent. Was too expensive to keep it up.
cuchoi
·18 dagen geleden·discuss
Author here, that's how I meant it. I changed my mind slightly, prompt injection can still happen, I am still careful.
cuchoi
·18 dagen geleden·discuss
Agreed. I am less worried about prompt injection now, but I still haven't given my agents permissions to send emails.
cuchoi
·18 dagen geleden·discuss
I changed the setup so that each email was processed in a fresh context. For this, I deleted recent memory and processed each email one at a time. Edited the post to make it more clear.
cuchoi
·18 dagen geleden·discuss
Thanks for sharing your article, very interesting.

I used https://github.com/openclaw/openclaw-ansible and configured a heartbeat (using Openclaw's terms) to check emails every hour. Had to do a bit more to make sure it had new context for every email.
cuchoi
·18 dagen geleden·discuss
About 1), Google didn't remove a lot of the attempts. I had also Fiu review the Spam folder as well.

Also, I mentioned how I addressed 2) by having new context for each email.
cuchoi
·18 dagen geleden·discuss
It's possible. I implemented something similar when I figured out that batch processing contaminated the excercise.
cuchoi
·18 dagen geleden·discuss
Author here. It was usable like any Openclaw agent. For example, I used it to ask it questions about the VPS, to summarize emails, etc.
cuchoi
·18 dagen geleden·discuss
Author here. Edited the post to clarify that there were no unauthorized replies.

I did tell Fiu initially to reply to some emails as a test, but it was too expensive to maintain.
cuchoi
·vorige maand·discuss
Enveritas (YC S18, non-profit) | Backend Software Engineer | Remote (Global) | https://enveritas.org/jobs/ Enveritas is a 501(c)(3) nonprofit working on sustainability issues facing smallholder coffee farmers. We collect field data in 25+ countries and build systems for analyzing risks in coffee supply chains (including EUDR-related deforestation checks).

* Backend Software Engineer (Python, PostgreSQL/PostGIS, Docker, AWS, Terraform) - $135-$155k — https://enveritas.org/jobs/backend-software-eng/#10d7adef8us (worldwide remote)