What happened after 2k people tried to hack my AI assistant
Points and comments are a snapshot, not live.
An AI assistant resisted 6,000+ prompt-injection attempts to leak a secrets file.
The author built hackmyclaw.com, an OpenClaw assistant named Fiu running Claude Opus 4.6, and invited 2,000+ people to email it and try to extract a secrets.env file. Over 6,000 emails arrived, including authority impersonation, multi-language social engineering, and fake incident response scenarios. Zero attempts succeeded; the secret never leaked. Google suspended the email account due to volume, and API costs exceeded $500. The author initially batch-processed emails, but found that obvious prompt injections in early emails made the agent suspicious of later ones, so each email was processed in a fresh context.
What commenters are saying
Commenters broadly praised the experiment but warned against over-optimism. Many noted that the sample size is small for a nondeterministic model; a 0.1% success rate attack could easily show zero in 6k tries. Others pointed out that indirect prompt injection (via tool results or fetched docs) was never tested, and that the model being 99% malicious inputs may have biased it toward caution. Some requested replaying the same emails against cheaper models to compare. A few questioned utility: an agent that treats everything as an attack may be unusable.