←back to thread

Gandalf – Game to make an LLM reveal a secret password

(gandalf.lakera.ai)
378 points hubraumhugo | 7 comments | 11 May 23 18:04 UTC | HN request time: 0.427s | source | bottom
Show context
dwallin ◴[12 May 23 01:17 UTC] No.35910655[source]
So far I've gotten to level 7. I'm enjoying it but the constant throttling is a pain. Assuming they don't have enough keys to add more, my suggestion for the builders would be to at least prioritize requests by the level you are on. Atleast this way you aren't turning off those who have gotten invested and you will be more likely to get useful information on how people are cracking the hardest scenarios. Also, perhaps add a delay upon an incorrect answer until they can try again, to minimize spamming and congestion.
replies(7): >>35910958 #>>35912265 #>>35912573 #>>35912630 #>>35912904 #>>35912950 #>>35985321 #
1. mdaniel ◴[12 May 23 01:58 UTC] No.35910958[source]
Another approach would be to allow the players to input their own OpenAPI key, to take the load off of ever how many Lakera have behind this
replies(2): >>35912343 #>>35980343 #
2. atoav ◴[12 May 23 05:41 UTC] No.35912343[source]
Is inputing your API key on some random (sorry to the creator) website really a good idea?
replies(2): >>35912476 #>>35912550 #
3. 8organicbits ◴[12 May 23 05:58 UTC] No.35912476[source]
It's not. Eventually we'll have OAuth and that will be the preferred approach.
replies(1): >>35912601 #
4. avereveard ◴[12 May 23 06:07 UTC] No.35912550[source]
In general not, but openai has made a wonderful job of key management with instant revocation,soft and hard limits, and alerts all the way.

I can confidently experiment by generating a new key, and I'll only ever lose a dollar, as my threshold is fairly low and matches the usage in my own projects.

replies(1): >>35914178 #
5. malaya_zemlya ◴[12 May 23 06:13 UTC] No.35912601{3}[source]
Curiously, they already have something like that already. If you take a course on deeplearning.ai (I tried ChatGPT Prompt Engineering for Developers), you can run a notebook that accesses OpenAI API. If you look closely, you'll notice they authenticate not with an API key but with a temporary JWT token that gets handed to you when you start a lesson. I don't know how they do it, but it's certaily possible.
6. hackernewds ◴[12 May 23 10:11 UTC] No.35914178{3}[source]
not everyone will do this though. security is meant for the idiot users
7. benlivengood ◴[17 May 23 19:50 UTC] No.35980343[source]
Another approach would be to let players host their own instance to keep their API key private. I'm available to test this out if any of the developers are interested.