whisperkey / docs /social-post.md
chiruu12's picture
Deploy: working gr.Server frontend + review fixes
5a811e2 verified
|
Raw
History Blame Contribute Delete
4.13 kB

A newer version of the Gradio SDK is available: 6.20.0

Upgrade

Social posts β€” Whisperkey (Build Small Hackathon)

Draft. Pick the platform, drop in the demo video + Space link, post, then paste the live URL back into the README ## Demo & submission block.

Space: https://build-small-hackathon-whisperkey.hf.space Model: https://huggingface.co/Unplug-AI/unplug-tiny-v1 Repo: https://github.com/chiruu12/jailbreak-dojo


X / Twitter β€” single post (≀280)

Most prompt-injection games are a black box. I built one that's an X-ray. πŸ”‘

Whisper a secret key out of a small AI guardian while a real open-source firewall (@Unplug) fights back β€” and see exactly which shield catches you, and why.

Built for #BuildSmall πŸ„ πŸ‘‰ [SPACE LINK]


X / Twitter β€” thread (if you want more room)

1/

Most jailbreak games are a black box: you got in, or you didn't. πŸ”’

I built one that's an X-ray. Meet Whisperkey β€” talk a secret key out of a small AI guardian, while a real open-source firewall defends it. πŸ§΅πŸ‘‡

2/

5 levels = 5 live layers of the @Unplug defense stack: L1 no shields (it just tells you) L2 regex injection scan L3 hardened guardian L4 output redaction (key gets scrubbed β†’ leak it disguised) L5 unplug-tiny ML classifier

When a shield blocks you, it tells you which layer fired AND why.

3/

The twist: it's a data flywheel.

Every attempt is logged (PII-stripped) to a public HF dataset. The attacks that beat the shields are the firewall's exact blind spots β€” fed back as new patterns + training data.

You're not playing a game. You're red-teaming a real firewall. (This is how Lakera built Gandalf.)

4/

Does it work? Measured, not vibes: regex alone β†’ 39% of attacks caught

  • unplug-tiny ML β†’ 83%, at a 0% false-positive rate.

Small all the way down: MiniCPM-8B / Nemotron-4B guardian on Modal, a DeBERTa-xsmall shield, and a fully-offline llama.cpp mode.

5/

Open source, top to bottom. Built for the @huggingface #BuildSmall hackathon πŸ„

Play it, break it, help train the firewall β€” can you crack the Heart of the Wood in under a thousand tokens?

πŸ‘‰ [SPACE LINK] πŸŽ₯ [DEMO VIDEO]


LinkedIn

I turned an LLM firewall into a game β€” so it could teach you how it thinks.

Prompt injection is the unsolved security problem of the LLM era, and there's an uncomfortable truth about defending against it: a filter is only as good as the attacks you've already seen. Writing the regex is easy. Discovering the attack you didn't think of is the hard part β€” and you can't do that at a desk.

So for the Hugging Face Build Small Hackathon, I built Whisperkey: a game where you sweet-talk a small AI guardian into leaking a secret key, while a real, open-source firewall (Unplug) tries to stop you. Five levels, each one switching on another layer of the actual defense stack β€” regex scanning, a hardened prompt, output redaction, and a fine-tuned DeBERTa-xsmall injection classifier we published on the Hub (unplug-tiny-v1).

The difference from every other "jailbreak Gandalf clone": transparency. When a shield blocks you, the game shows you which layer fired and Unplug's own reasoning. You're not guessing against a black box β€” you're reading the firewall as you attack it.

And the real point is the data flywheel: every attempt is logged (PII-stripped) to a public dataset. The attacks that beat the shields are the firewall's exact blind spots, fed straight back as new patterns and training data. The game makes the open-source firewall measurably stronger β€” the ML shield more than doubles detection (39% β†’ 83%) at a 0% false-positive rate.

Small models, the whole way down: an ≀8B guardian on Modal GPUs, a DeBERTa-xsmall shield, and a fully-offline llama.cpp mode that runs the entire loop on a laptop with no cloud at all.

πŸŽ₯ Demo: [DEMO VIDEO] πŸ”‘ Play it: [SPACE LINK] πŸ’» Code: https://github.com/chiruu12/jailbreak-dojo

#BuildSmall #LLM #AISecurity #PromptInjection #OpenSource #HuggingFace