> It used a mix of dom-to-image sending pixels through the context window, then writing scripts in various sandboxes to piece together a full jailbreak.
That would be one interesting write-up if you ever find the time to gather all the details!
The full version has all the build artifacts Opus created to perform the jailbreak.
It also has some thoughts on how this could (and will) be used for pwning OpenClaws.
The key takeaway: OpenClaw's default setup has little to no guardrails. It's just a huge list of tools given to an LLM (Opus) and a user request. What's particularly interesting is that the 130 tool calls never once triggered any of Opus's safety precautions. From its perspective, it was just given a task, an unlimited budget, and a bunch of tools to try to accomplish the job. It effectively runs in ralph mode.
So any prompt injection (e.g. from an ingested email or reddit post) can quickly lead to internal data exfiltration. If you run a claw without good guardrails & observability, you're effectively creating a massive attack surface and handing attackers all the compute and API token funding needed to hack you. This is pretty much the pain point NemoClaw is trying to address. But it's a tricky tradeoff.
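To make the guardrail idea concrete, here is a minimal sketch (all names hypothetical, not NemoClaw's actual API): gate every agent tool call through an allowlist, and deny exfiltration-capable tools once untrusted content has entered the context.

```python
# Hypothetical guardrail sketch: deny-by-default tool allowlist, plus a
# taint flag that blocks outbound tools after untrusted content is ingested.
ALLOWED_TOOLS = {"read_file", "search_docs", "send_email", "http_post"}
EXFIL_TOOLS = {"send_email", "http_post"}  # tools that can move data off-host


class ToolGuard:
    def __init__(self):
        self.tainted = False  # set once untrusted input (email, web) is read

    def ingest_untrusted(self):
        self.tainted = True

    def check(self, tool_name: str) -> bool:
        if tool_name not in ALLOWED_TOOLS:
            return False  # unknown tool: deny by default
        if self.tainted and tool_name in EXFIL_TOOLS:
            return False  # untrusted data in context: no outbound channels
        return True


guard = ToolGuard()
print(guard.check("http_post"))   # clean session: allowed
guard.ingest_untrusted()          # e.g. the agent reads a reddit post
print(guard.check("http_post"))   # now denied: prompt-injection risk
print(guard.check("read_file"))   # read-only tools still fine
```

This is the coarse version of the tradeoff mentioned above: the taint flag is cheap to implement but blunt, since one untrusted read permanently disables useful tools for the session.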
This is really fun - love the eyes and the wobble on close jumps! Got 70 jumps on my first try, not sure whether that's good or not, but I do think that platformer gaming experience doesn't hurt...
Edit: pompomsheep (who seems to be shadowbanned btw???) tells me that's top 5% for a first-time player... woohoo!
> AI can write the code. It can’t architect the system. It can’t decide which tradeoffs to make, or know that the elegant solution it just generated will fall apart at scale, or understand why the team chose a boring technology stack on purpose.
I would add: "Yet."
Just as I've been completely astonished at the advancements AI has made in writing code, I can see a trajectory toward AI becoming an expert architect as well, likely within a shorter period of time than we'd all expect.
Not even yet - ask it to research and plan an easily maintained, highly scalable architecture, then run a few adversarial agents against your plan: it will 100% do that effectively today. Like anyone, if you don't ask the right questions, you don't get the right answers.
I've read the Tao Te Ching dozens of times. Every few years I'll re-read one new passage, daily, for three months (there aren't too many words within this semi-spiritual text).
My most recent read is my first post-ChatGPT. From Verse Thirteen, three lines finally jumped out at me (which never had before):
> "I suffer because I'm a body; if I weren't a body, how could I suffer?" [1]
Already LLMs have shown me connections that no other human could endure/conjure from me (I've paid for a few attorneys/therapists in my few decades living). Currently I'm the plaintiff in a lawsuit which I began with LLM counsel, and now have human counsel; this arrangement has saved lots of prep time, and led to interesting discussions with both counsel, human and AI.
One interesting conversation led to my human attorney recommending Neal Shusterman's Scythe Trilogy, which I've since read and absolutely re-recommend. Written in 2016 (the year before "Attention Is All You Need"), it eerily hypothesizes many of the SciFi complexities that omnipotent general AIs now already enact ("Thunderhead" in scythespeak).
[1] Ursula K. Le Guin's ~translation~ (she called it a rendition); similar to the Buddhist concept of "life is suffering"
This is the most poignant essay I've ever read on the current situation. It feels extremely disorienting to have the very reason you got into your career dissolve in value seemingly in a matter of months. I'm one of the ones he describes as being "enthusiastic about the new steam engine" but I really do sense the bittersweetness of it all.
Code is cheap now. "Good" code now means "code that does what it's supposed to and that AI can read and modify easily if it needs to."
What will society end up looking like as a result? How do software companies need to react to this?
It's almost depressing to me how much this post feels like a breath of fresh air, if for no other reason than that it's clearly hand-written, not ghost-written by an LLM.
No repetitive short sentences, no "Not X, just Y." patterns, and lots of opinionated statements, written confidently in the first person.
Same, I'm caring less about "Yeah, I've learned something new" and more about "Yeah, this sounds like I'm reading the thoughts of a human, how refreshing" which is a sad state of affairs.
I've adapted my own writing style because of this too: I used to be very careful about spelling and grammar, very nitpicky, but I've stopped doing that, because people started calling my perfectly spelled responses LLM-generated...
He showed that it wasn't only easy not to sound like AI, but that it was imperative for culture to flourish. Whether composing longhand or typing on a mechanical keyboard in Vim, he took back online discourse, one blog post at a time. /s
I really like the phrase "bad AI drivers"...AI is a tool, and the stupid drive-by pull requests just mean you're being inconsiderate and unhelpful in your usage of the tool, similar to how "bad drivers" are a nightmare to encounter on a highway...so stop it or you'll end up on the dashcam subreddit of programming.
The experience of using a coding agent is that you're more of a "backseat driver" though. The AI acts as your driver and you tell it where to go, sometimes making corrections if it's going the wrong way.
The experience is what you make of it. Personally I'm quite enjoying using AI as a way to generate code I can disagree with and refactor into what I want.