upvote

points

by planb6 hours ago |
comments
upvoteby michaelcampbell4 hours ago|
next
[-]
> My gut feeling is that this is way harder than most people think

I've had this feeling for a while too; partially due to the screeching of "putting your ssh server on a random port isn't security!" over the years.

But I've had one on a random port running fail2ban and a variety of other defenses, and the # of _ATTEMPTS_ I've had on it in 15 years I can't even count on one hand, because that number is 0. (Granted the arguability of that's 1-hand countable or not.)

So yes this is a different thing, but there is always a difference between possible and probable, and sometimes that difference is large.

reply
upvoteby direwolf201 hours ago|
parent|
[-]
Yeah, you're getting fewer connection ATTEMPTS, but the number of successful connections you're getting is the same as everyone else, I think that's the point.
reply
upvoteby cuchoi5 hours ago|
prev|
next
[-]
So far there have been 400 emails and zero have succeeded. Note that this challenge is using Opus 4.6, probably the best model against prompt injection.
reply
upvoteby iLoveOncall1 hours ago|
prev|
[-]
You are vastly overestimating the relevance of this particular challenge when it comes to defense against prompt injection as a whole.

There is a single attack vector, with a single target, with a prompt particularly engineered to defend this particular scenario.

This doesn't at all generalize to the infinity of scenarios that can be encountered in the wild with a ClawBot instance.

reply