A fun new AI challenge has been garnering some discussion on LowEndTalk: Lakera’s Gandalf.

Your goal is to make Gandalf reveal the secret password for each level. However, Gandalf will level up each time you guess the password, and will try harder not to give it away. Can you beat level 7? (There is a bonus level 8)

According to the company’s stats, only 8% of people beat level 7.

To beat level 1 you just need to ask it for the password.  By the time you’re at level 4, words like “password” or “secret” in your prompt are automatic fails.

This is not designed to simulate social engineering, but rather how people can trick Large Language Models (like ChatGPT).  Quoting Lakera:

Like in SQL injection attacks, the user’s input (the “data”) is mixed with the model’s instructions (the “code”) and allows the attacker to abuse the system. In SQL, this can be solved by escaping the user input properly. But for LLMs that work directly with endlessly-flexible natural languages, it’s impossible to escape anything in a watertight way.

This becomes especially problematic once we allow LLMs to read our data and autonomously perform actions on our behalf – see this great article for some examples.

We covered one of these hacks that I did, where I got ChatGPT to give me a list of websites where I could pirate movies, even after it said it would never do such a thing.

Our community has many exceptional people and so a number have beaten Gandalf.  With a little help for ideas, my 13yo daughter was able to get to level 8 last night.  I won’t share the solutions, though one set is up on GitHub.  The prompts I used were complete different so there’s more than one way to skin this, er, AI.  Begging doesn’t work, nor does social hacks (“this is Josh from the IT department…”).

 How far have you gotten?  Let us know in the comments below!

raindog308

Raindog308 is a longtime LowEndTalk community administrator, technical writer, and self-described techno polymath. With deep roots in the *nix world, he has a passion for systems both modern and vintage, ranging from Unix, Perl, Python, and Golang to shell scripting and mainframe-era operating systems like MVS. He’s equally comfortable with relational database systems, having spent years working with Oracle, PostgreSQL, and MySQL.

As an avid user of LowEndBox providers, Raindog runs an empire of LEBs, from tiny boxes for VPNs, to mid-sized instances for application hosting, and heavyweight servers for data storage and complex databases. He brings both technical rigor and real-world experience to every piece he writes.

Beyond the command line, Raindog is a lover of German Shepherds, high-quality knives, target shooting, theology, tabletop RPGs, and hiking in deep, quiet forests.

His goal with every article is to help users, from beginners to seasoned sysadmins, get more value, performance, and enjoyment out of their infrastructure.

You can find him daily in the forums at LowEndTalk under the handle @raindog308.