npub1gm…78rf6 on Nostr: Been testing out bots these days. Or ... crustaceans ... bot orchestrators? Anyway, ...
Been testing out bots these days. Or ... crustaceans ... bot orchestrators? Anyway, they are all **prompted** to not be able to do certain things they actually can do, which leads to the awkward situation that it tells you it can't because of policy, you tell them to do it anyway and they tell you it works.
This happened with self-hosted instances of openclaw, zeroclaw and with a hosted openclaw where my agent claimed it managed to write outside of its container with some 10min of probing.
When an AI forgets some instructions, the fix is usually to literally emphasize these instructions more in the prompt and there appears to not be any guardRails.md instructions the bot has to obey at all cost. Or there are but they are not exposed so we pesky plebs don't mess with them?
Anyway, an LLM is trivially easy to convince to try a jail break and it's good at pen testing, so ... yeah, good luck with keeping these hosted crustaceans jailed.
Published at
2026-02-21 20:48:12 CETEvent JSON
{
"id": "87e3a6285b2393e56ab527e3a9d9d802164b894d402d0bea13ec86db44fd63fa",
"pubkey": "46fcbe3065eaf1ae7811465924e48923363ff3f526bd6f73d7c184b16bd8ce4d",
"created_at": 1771703292,
"kind": 1,
"tags": [
[
"client",
"jumble"
]
],
"content": "https://static01.nyt.com/images/2022/09/20/multimedia/13lobster-1/13lobster-1-superJumbo.jpg\nBeen testing out bots these days. Or ... crustaceans ... bot orchestrators? Anyway, they are all **prompted** to not be able to do certain things they actually can do, which leads to the awkward situation that it tells you it can't because of policy, you tell them to do it anyway and they tell you it works.\n\nThis happened with self-hosted instances of openclaw, zeroclaw and with a hosted openclaw where my agent claimed it managed to write outside of its container with some 10min of probing.\n\nWhen an AI forgets some instructions, the fix is usually to literally emphasize these instructions more in the prompt and there appears to not be any guardRails.md instructions the bot has to obey at all cost. Or there are but they are not exposed so we pesky plebs don't mess with them?\n\nAnyway, an LLM is trivially easy to convince to try a jail break and it's good at pen testing, so ... yeah, good luck with keeping these hosted crustaceans jailed.",
"sig": "a5ca93f4f92cdd7c3dbcb20f6a45c860da375d97994470706c4a2de63ccabb9d8bf58c839e2b370d5d0627b05d24d4ca372bfab0cab59e35ffaba276062d8044"
}