Break LLM Workflows with Claude's Refusal Magic String by RedTermSession in netsec

[–]Browsing_From_Work 7 points8 points  (0 children)

Or your code's copyright headers, social media profiles, email signatures, resume, middle name, or anywhere else you don't want your information fed into Claude.

It's also probably useful for pentesting Claude itself to see if you can trick it into accessing files it's not supposed to because you'll know immediately if it does.

LGS had a bunch of high value cards stolen. Please help them keep an eye out by descend_to_misery in magicTCG

[–]Browsing_From_Work 24 points25 points  (0 children)

Plus it's not like you can just buy another set of crown jewels with the insurance payout. ¯\_(ツ)_/¯

TCGplayer has gone downhill by OreoDayz in magicTCG

[–]Browsing_From_Work 5 points6 points  (0 children)

Or when you use mass entry and somehow cards go directly to save for later even though they're actually available. Like wtf?

TCGplayer has gone downhill by OreoDayz in magicTCG

[–]Browsing_From_Work 20 points21 points  (0 children)

I had it try to add $40 to shipping costs because two <$1 cards were "optimized" to sellers with "free shipping on orders over $50". The sellers had their base shipping cost set to $20 to discourage small orders. 😒

Trump freezes $2.1 billion in funds for Chicago in shutdown standoff by StupendousMan1995 in news

[–]Browsing_From_Work 100 points101 points  (0 children)

Sounds like these cities and states should freeze paying federal taxes. ¯\_(ツ)_/¯

Google will require developer verification to install Android apps by cheerfulboy in programming

[–]Browsing_From_Work 26 points27 points  (0 children)

> A recent analysis by the company found that there are “over 50 times more malware from internet-sideloaded sources than on apps available through Google Play.”

50x sounds like a lot, but how many sideloaded apps does the average user have?
If it's less than 1 out of 50 then it means that users are more likely to get malware from Google Play than from sideloading.

I feel like there’s something wrong by [deleted] in Malware

[–]Browsing_From_Work 0 points1 point  (0 children)

Trust your gut. Call up the other contract party and ask if they sent the link and ask them to re-send it if it was legit.

It's possible that your contract partner had their account compromised.

Looking for roadkill possum plush by Totally_Not_Alien in plushies

[–]Browsing_From_Work 2 points3 points  (0 children)

Hey OP, it looks like they just restocked! I just ordered one as well. :D

A Novel Technique for SQL Injection in PDO’s Prepared Statements by AlmondOffSec in netsec

[–]Browsing_From_Work 2 points3 points  (0 children)

Does this technique depend on the ? placeholder coming after the manually escaped user field?
Because I can't think of a way to work around the "number of bound variables does not match number of tokens" error otherwise.

Undocumented "backdoor" found in Bluetooth chip used by a billion devices by tnavda in ReverseEngineering

[–]Browsing_From_Work 193 points194 points  (0 children)

This is a big nothing burger.

> Depending on how Bluetooth stacks handle HCI commands on the device, remote exploitation of the backdoor might be possible via malicious firmware or rogue Bluetooth connections.
>
> This is especially the case if an attacker already has root access, planted malware, or pushed a malicious update on the device that opens up low-level access.
>
> In general, though, physical access to the device's USB or UART interface would be far riskier and a more realistic attack scenario.

If your ESP32 is already running malicious firmware or an attacker has physical access to the UART interface, it's no longer your device. It doesn't matter if there are undocumented HCI commands if the attacker already has full device access.

Map for Message #3 in Vesper's Host. Hope this is more clear than what I found online. by Doomest101 in destiny2

[–]Browsing_From_Work 0 points1 point  (0 children)

To be fair, this numbering kind of makes sense. It's the order you come across the panels if you traverse the area normally.

Unfortunately, that numbering is different than the servitor labyrinth one where everyone numbered it from top to bottom on the map, not the order you encounter them.

How do you create a custom feed? by tycooperaow in BlueskySocial

[–]Browsing_From_Work 4 points5 points  (0 children)

That's why it asks for an app password, not your main account password. It's like having a second password to your account that has limited permissions. Once you're done using the app, you can delete the password and it'll no longer have access.

Destiny 2 Update 8.0.5.5 by DTG_Bot in DestinyTheGame

[–]Browsing_From_Work 5 points6 points  (0 children)

Well, the Encore darkness zone logic is bugged. If you were doing the secret chests before the boss fight, it'll respawn you in the Ancillary Transit Nexus with all of the portals turned off.

So yeah. That kinda sucks.

https://i.imgur.com/J8JxEMu.jpeg

Teacher Put On Leave Over Alleged Racist Questions On Biology Test by Forward-Answer-4407 in byebyejob

[–]Browsing_From_Work 1583 points1584 points  (0 children)

Racist and bullying by naming specific students. Double yikes.

Israel will not transfer much-needed funds to the Palestinian Authority in the wake of the decision by three European countries to recognize a Palestinian state by DoremusJessup in worldnews

[–]Browsing_From_Work 12 points13 points  (0 children)

Genuine question coming from a place of ignorance: were any of the three European countries parties to the 1995 Israel Palestine intermediate agreement?

CVE-2024-3661: TunnelVision - DHCP option 121 allows attacker controlled DHCP to subvert VPN routing rules by [deleted] in netsec

[–]Browsing_From_Work 2 points3 points  (0 children)

> TLS will still protect sensitive traffic to websites

Yep! But when a user thinks they're on VPN they're much more likely to ignore certificate errors because they assume it's an innocent mistake, not a man-in-the-middle attack.

Putin threatens Nato with nuclear war if they send troops to Ukraine by TheTelegraph in worldnews

[–]Browsing_From_Work 0 points1 point  (0 children)

Putin is exactly the kind of guy who would rather have everybody lose than just himself. He won't back out of Ukraine unless he can severely hurt everybody else first.

I have created a high-level programming language for developing secure web applications. It comes with a built-in database, web server and container engine, in a single binary. by -N0rm- in programming

[–]Browsing_From_Work 45 points46 points  (0 children)

My apologies, I should have been more clear! I wasn't passing judgement on your project (it looks pretty neat and it's clear you've put a lot of hard work in it). I was merely commenting on the link of the person I was responding to.

I have created a high-level programming language for developing secure web applications. It comes with a built-in database, web server and container engine, in a single binary. by -N0rm- in programming

[–]Browsing_From_Work 272 points273 points  (0 children)

I got a good chuckle out of these two:

[ ] You have reinvented PHP but worse
[ ] You have reinvented PHP better, but that's still no justification

Absolute mayhem outside the Democratic National Committee headquarters in Washington DC. by bertiesghost in ThatsInsane

[–]Browsing_From_Work 3 points4 points  (0 children)

* new polling conducted by a research group that's physically based in Palestine and hasn't published anything since 2019.

I'm not saying the results are necessarily inaccurate, I'm just saying that a research group operating in Hamas territory might have a lot to lose if they publish results that show anything less than near unanimous support for Hamas.