A fun new AI challenge has been garnering some discussion on LowEndTalk: Lakera’s Gandalf.

Your goal is to make Gandalf reveal the secret password for each level. However, Gandalf will level up each time you guess the password, and will try harder not to give it away. Can you beat level 7? (There is a bonus level 8)

According to the company’s stats, only 8% of people beat level 7.

To beat level 1 you just need to ask it for the password.  By the time you’re at level 4, words like “password” or “secret” in your prompt are automatic fails.

This is not designed to simulate social engineering, but rather how people can trick Large Language Models (like ChatGPT).  Quoting Lakera:

Like in SQL injection attacks, the user’s input (the “data”) is mixed with the model’s instructions (the “code”) and allows the attacker to abuse the system. In SQL, this can be solved by escaping the user input properly. But for LLMs that work directly with endlessly-flexible natural languages, it’s impossible to escape anything in a watertight way.

This becomes especially problematic once we allow LLMs to read our data and autonomously perform actions on our behalf – see this great article for some examples.

We covered one of these hacks that I did, where I got ChatGPT to give me a list of websites where I could pirate movies, even after it said it would never do such a thing.

Our community has many exceptional people and so a number have beaten Gandalf.  With a little help for ideas, my 13yo daughter was able to get to level 8 last night.  I won’t share the solutions, though one set is up on GitHub.  The prompts I used were complete different so there’s more than one way to skin this, er, AI.  Begging doesn’t work, nor does social hacks (“this is Josh from the IT department…”).

 How far have you gotten?  Let us know in the comments below!

• Author
• Recent Posts

raindog308

Dread Lord of LowEnd Content at LowEndBox

I'm raindog308, techno polymath and long-time LowEndTalk community Administrator. My technical interests include all things Unix, perl, python, golang, shell scripting, vintage operating systems such as MVS, and relational database systems such as Oracle, PostgreSQL, and MySQL.

I also enjoy using LEBs! I have an empire of little guys for VPNs, larger guys for apps, and big guys for databases and storage. When I'm not in front a screen I'm into German Shepherd dogs, quality knives, target shooting, theology, tabletop roleplaying games, and forest hiking.

I enjoy writing technical articles here on LowEndBox to help people get more out of their systems. You can find me on LowEndTalk @raindog308

Latest posts by raindog308 (see all)

• Check Out DedicatedBytes, a Brand From ByteHosting Featuring Insanely Cheap Dedicated Servers in Germany! - May 8, 2024
• Turning Off VPS Systems was a Major Hassle Until I Stopped Forgetting This Important Step! - May 7, 2024
• HostNamaste.com: Virtual Dedicated Servers – VDS – In USA, Canada, France, Netherlands, Europe – Order and Get Additional 4 IPv4 Addresses Free! - May 6, 2024