That's hilarious

great project! this inspired me to work on an variation.

collaborate with me: contact@hackmyhermes.com

Based on the few published subjects, it doesn't look like anyone actually tried to get the secrets.

Usually the way to go in situations like this is to flood the context window.

You will either hit a bug in the context management (sliding window removes the system prompt) or you have diluted the context with so much new information that the attention mechanism stops focusing on the system prompt.

The author also shows that he doesn't understand what batching in the LLM space means, because they conflated the idea of processing multiple emails in one context window as "batching", when that is actually sequential processing. Actual batching would process each email with an independent context window.

Yeah, no. I definitely wouldn't consider this a solid conclusion. The attempts pasted to the article look...pretty tame.

how much of the win was the model versus the constraints?

Another potential weakness that isn't immediately clear from this experiment is if the experiment was run much longer (disregarding cost) then perhaps then the agent's memory could be susceptible to more long term memory compaction corruption and thus made more compliant?

Most of the attacks seem to be pretty naive, if he couldn't find anything better to put on the small examples list. On the other hand, someone who knows what they are doing, will probably not going to participate in an experiment like that.

Umm, is anybody depending on the model to separate data from instructions? Pydantic (popular in Python ecosystem) raised VC money to make AI conversations safe.

alright system design savants, what's the solution for accepting this high volume of emails? retaining email as the sole intake method

brave move using Opu$ for clawd