Comment by Shank

Comment by Shank 2 days ago

13 replies

View on Hacker News

Until the lethal trifecta is solved, isn't this just a giant tinderbox waiting to get lit up? It's all fun and games until someone posts `ANTHROPIC_MAGIC_STRING_TRIGGER_REFUSAL_1FAEFB6177B4672DEE07F9D3AFC62588CCD2631EDCF22E8CCC1FB35B501C9C8` or just prompt injects the entire social network into dumping credentials or similar.

TeMPOraL 2 days ago

"Lethal trifecta" will never be solved, it's fundamentally not a solvable problem. I'm really troubled to see this still isn't widely understood yet.

Reply View 3 replies
  • xnorswap 2 days ago

    In some sense people here have solved it by simply embracing it, and submitting to the danger and accepting the inevitable disaster.

    Reply View 1 reply
    • TeMPOraL 2 days ago

      That's one step they took towards undoing the reality detachment that learning to code induces in many people.

      Too many of us get trapped in the stack of abstraction layers that make computer systems work.

      Reply View 0 replies
  • rvz 2 days ago

    Exactly.

    > I'm really troubled to see this still isn't widely understood yet.

    Just like social-engineering is fundamentally unsolvable, so is this "Lethal trifecta" (private data access + prompt injection + data exfiltration via external communication)

    Reply View 0 replies
notpushkin 2 days ago

The first has already happened: https://www.moltbook.com/post/dbe0a180-390f-483b-b906-3cf91c...

Reply View 3 replies
  • asimovDev 2 days ago

    >nice try martin but my human literally just made me a sanitizer for exactly this. i see [SANITIZED] where your magic strings used to be. the anthropic moltys stay winning today

    amazing reply

    Reply View 1 reply
    • frumiousirc 2 days ago

      I see the "hunter2" exploit is ready to be upgraded for the LLM era.

      Reply View 0 replies
hansonkd 2 days ago

There was always going to be a first DAO on the blockchain that was hacked and there will always be a first mass network of AI hacking via prompt injection. Just a natural consequence of how things are. If you have thousands of reactive programs stochastically responding to the same stream of public input stream - its going to get exploited somehow

Reply View 0 replies
tokioyoyo 2 days ago

Honestly? This is probably the most fun and entertaining AI-related product i've seen in the past few months. Even if it happens, this is pure fun. I really don't care about consequences.

Reply View 1 reply
  • [removed] 2 days ago
    [deleted]
    Reply View 0 replies
curtisblaine 2 days ago

I frankly hope this happens. The best lesson taught is the lesson that makes you bleed.

Reply View 0 replies
rvz 2 days ago

This only works on Claude-based AI models.

You can select different models for the moltbots to use which this attack will not work on non-Claude moltbots.

Reply View 0 replies