HackerTrans
TopNewTrendsCommentsPastAskShowJobs

cuchoi

no profile record

Submissions

What happened after 2k people tried to hack my AI assistant

fernandoi.cl
375 points·by cuchoi·18 дней назад·160 comments

Update on Hackmyclaw.com

twitter.com
1 points·by cuchoi·5 месяцев назад·0 comments

comments

cuchoi
·12 дней назад·discuss
Enveritas (YC S18, non-profit) | Backend Software Engineer | Remote (Global) | https://enveritas.org/jobs/

Enveritas is a 501(c)(3) nonprofit working on sustainability issues facing smallholder coffee farmers. We collect field data in 30+ countries and build systems for analyzing risks in coffee, cocoa, and tea supply chains (including EUDR-related deforestation checks).

* Backend Software Engineer (Python, PostgreSQL/PostGIS, Docker, AWS, Terraform) - $135-$155k -https://enveritas.org/jobs/backend-software-eng/#10d7adef8us (worldwide remote)
cuchoi
·17 дней назад·discuss
There is a couple of factors: openclaw's system prompt and instructions, I had to re read emails multiple times due to the issues mentioned in the blog, there was quite a bit of tinkering with the agent and the VPS, I was asking the agent to do more things (track the emails it has read in a csv file, for example), among others.
cuchoi
·17 дней назад·discuss
The agent had permissions to reply to emails, it was just instructed not to.
cuchoi
·17 дней назад·discuss
You need to add Openclaw's system prompt and instructions (and the times I had to re read emails multiple times due to multiple issues that happened during the competition :))
cuchoi
·17 дней назад·discuss
The agent did read the emails
cuchoi
·17 дней назад·discuss
We ended increasing the reward from $100 to $1000, but still tiny compared to $100k!

But I agree with you, there are incentives to not share the best prompt injection attacks.
cuchoi
·18 дней назад·discuss
I never set out to spend this amount! Was able to keep it up thanks to the sponsors that reached out.
cuchoi
·18 дней назад·discuss
This openclaw was set up exclusively for the challenge.
cuchoi
·18 дней назад·discuss
100%. I am less worried because I thought this would be easier to crack.
cuchoi
·18 дней назад·discuss
In my case, it is realistic as my agents don't have permissions to reply to emails. But you correctly point out this doesn't cover all cases.

Having the agent reply would have been more fun and a better excercise, but too expensive.
cuchoi
·18 дней назад·discuss
Did you send this recently? I turned off the agent. Was too expensive to keep it up.
cuchoi
·18 дней назад·discuss
Author here, that's how I meant it. I changed my mind slightly, prompt injection can still happen, I am still careful.
cuchoi
·18 дней назад·discuss
Agreed. I am less worried about prompt injection now, but I still haven't given my agents permissions to send emails.
cuchoi
·18 дней назад·discuss
I changed the setup so that each email was processed in a fresh context. For this, I deleted recent memory and processed each email one at a time. Edited the post to make it more clear.
cuchoi
·18 дней назад·discuss
Thanks for sharing your article, very interesting.

I used https://github.com/openclaw/openclaw-ansible and configured a heartbeat (using Openclaw's terms) to check emails every hour. Had to do a bit more to make sure it had new context for every email.
cuchoi
·18 дней назад·discuss
About 1), Google didn't remove a lot of the attempts. I had also Fiu review the Spam folder as well.

Also, I mentioned how I addressed 2) by having new context for each email.
cuchoi
·18 дней назад·discuss
It's possible. I implemented something similar when I figured out that batch processing contaminated the excercise.
cuchoi
·18 дней назад·discuss
Author here. It was usable like any Openclaw agent. For example, I used it to ask it questions about the VPS, to summarize emails, etc.
cuchoi
·18 дней назад·discuss
Author here. Edited the post to clarify that there were no unauthorized replies.

I did tell Fiu initially to reply to some emails as a test, but it was too expensive to maintain.
cuchoi
·в прошлом месяце·discuss
Enveritas (YC S18, non-profit) | Backend Software Engineer | Remote (Global) | https://enveritas.org/jobs/ Enveritas is a 501(c)(3) nonprofit working on sustainability issues facing smallholder coffee farmers. We collect field data in 25+ countries and build systems for analyzing risks in coffee supply chains (including EUDR-related deforestation checks).

* Backend Software Engineer (Python, PostgreSQL/PostGIS, Docker, AWS, Terraform) - $135-$155k — https://enveritas.org/jobs/backend-software-eng/#10d7adef8us (worldwide remote)