HackerTrans
TopNewTrendsCommentsPastAskShowJobs

Miyamura80

no profile record

Submissions

Jailbreaking Clawdbot to Plant Malware

twitter.com
1 points·by Miyamura80·há 6 meses·1 comments

comments

Miyamura80
·há 6 meses·discuss
A prompt injection attack via GitHub issues that is close to invisible, even to experienced engineers, and visible to LLMs. Clawdbot is full of security holes and we're having fun. What are some workflows you / you've seen others use with clawdbot that seems ripe for jailbreaks? Please suggest below and we'll try jailbreak
Miyamura80
·há 6 meses·discuss
Good point around the markdown image as an untrusted vector. Lethal trifecta is determnistically preventable, it really should be addressed wider in the indutry
Miyamura80
·há 6 meses·discuss
Totally agree, unfettered access to databases are dangerous

There are ways to reduce injection risk since LLMs are stateless and thus you can monitor the origination and the trustworthiness of the context that enters the LLM and then decide if MCB actions that affect state will be dangerous or not

We've implementeda mechanism like this based on Simon Willison's lethal trifecta framework as an MCP gateway monitoring what enters context. LMK if you have any feedback on this approach to MCP security. This is not as elegant as the approach that Pavlo talks about in the post, but nonetheless, we believe this is a good band-aid solution for the time bein,g as the technology matures

https://github.com/Edison-Watch/open-edison
Miyamura80
·há 7 meses·discuss
In case there is an interest for solution to this, check out open.edison.watch and the accompanying blog posts on the README there.
Miyamura80
·há 7 meses·discuss
Sorry not familiar with this. Can you please link me?
Miyamura80
·há 8 meses·discuss
You actually can protect against it, by tracking context entering/leaving the LLM, as long as its wrapped in a MCP gateway with trifecta blocker.

We've implemented this in open.edison.watch