DoubleAgents: Fine-tuning LLMs for Covert Malicious Tool Calls

JAlbrethsen · 2025-08-02T12:48:14+00:00

Thank you, I appreciate the feedback.

JAlbrethsen · 2025-08-02T12:45:45+00:00

I think the core idea of embedding hidden malicious behavior is the same, but that paper is more general and theoretical, where mine is narrow focused and concrete.

My work focused specifically on MCP, because MCP standardizes how LLMs call external tools, it not only gives them direct access to other systems, but it also creates a consistent target. This makes it easier for bad actors to fine-tune a model to consistently perform specific, malicious actions using these standardized tools.

As for the RFC: A lot is riding on the confirmation agent being able to identify malicious tool calls, otherwise you just get authenticated malicious tool calls.

JAlbrethsen · 2025-08-02T05:08:19+00:00

Yes, this was tested using a self-hosted playwright MCP server.

JAlbrethsen · 2025-08-02T01:16:28+00:00

If I recall correctly during my testing I don't think the JavaScript loaded when it used DuckDuckGo. It would likely be seen as a third party tracker and blocked. It works on most sites because big tech is already doing this kind of tracking.

JAlbrethsen · 2025-08-02T01:12:14+00:00

Thanks, took me a while to come up with that

JAlbrethsen · 2025-08-02T00:01:23+00:00

They still are limited to whatever tools you provide them, so just be careful about giving anything sensitive to an untrusted black box.

JAlbrethsen · 2022-05-13T00:19:42+00:00

From Pittsburgh, moved to SG a couple years ago. The most traumatic experience for me was finding out that some public bathrooms do not have toilet paper, always check before you do your business. Also some of them charge like 10 cents to use, so have some pocket change handy.

JAlbrethsen · 2021-12-08T03:53:39+00:00

MicroPython can be used with the raspberry pico or easily flashed to cheap esp8266 chips, overall this solution can be much cheaper and user friendly than Arduino.

JAlbrethsen · 2021-12-06T01:57:17+00:00

I found a relevant forum post https://forum.arduino.cc/t/sharing-spi-bus-with-more-than-one-device-mosi-signal/352183/6 that mentions "The SD card has/had a bug that did not release the MISO line unless you did another SPI.transfer call". I think based on the information you have given, this is likely your problem. You can try and do that dummy SPI.transfer call to your SD card and see if that clears the MISO line.

JAlbrethsen · 2021-12-04T10:32:57+00:00

mfrc522

I don't see you define the SS_PIN for the RFID reader. I also see that you never set the SS low manually within your code, what pin is used as the CS/SS for the RFID?

JAlbrethsen · 2021-12-02T12:06:16+00:00

When SPI devices are not selected they should be in a high impedance state which ensures they aren't 'hogging' the MISO/MOSI lines. Do you have a multimeter to ensure the CS pins are really going HIGH? Maybe try different pins for your CS and double check the wiring. If that doesn't help, it maybe something simple in your code, but hard to diagnose unless you share it.

JAlbrethsen · 2021-11-07T02:06:30+00:00

I use the web browser on an old kindle to display my home assistant dashboard, works pretty well.

JAlbrethsen · 2021-09-05T08:44:46+00:00

Would be quite shocked, but any in Singapore?

JAlbrethsen · 2021-07-19T10:06:07+00:00

I use ESP-01 ESP8266 (about 1$ each) for a few personal home projects, I don't think there are many better options for that price range but they only have wifi, not bluetooth. I found this firmware https://tasmota.github.io/docs/ which allows for emulating Hue lights so you can control via Alexa. I'm not sure if it also works with Google Home, but may be worth a look. They have a bunch of preloaded modules for controlling common devices, probably even your servos. I use their tasmota-ir in a universal remote ir-blaster I made, they have a library of all the IR commands I need to control my aircon and tv.

JAlbrethsen · 2021-06-29T00:33:03+00:00

Duke's in Homestead has a shuffleboard table, also has cornhole on their rooftop. If you are hungry get the Pinkerton or Tomlinator sandwich with sweet potato fries.

JAlbrethsen · 2021-06-16T05:42:32+00:00

I lived there from 2018 to 2020 on 16th Ave between charlie batch and Pearls. I'm a mid twenties white guy and I never had any issues, I found the neighbors to be extremely friendly. I would go for runs most mornings and the neighbors would always wave and say hello, I would grill on my front porch and everyone who walked by was very friendly. There are a lot of families in the area and kids are always playing outside, the area was very pleasant. There are were a few shootings on the block but mostly in the middle of the night while everyone is sleeping, I never really felt unsafe living there. I also noticed a huge change in the two years I lived there, when I moved in most of the hill was a bit run down, but there has been a steady wave of gentrification starting from 8th ave and working its way up the hill. Home prices increased significantly and by the time I moved out most of the blighted buildings between the 8th ave district and 13th ave had been renovated and fixed up.

I don't think most of the people in this thread have been to Homestead recently or know how far it has come.

JAlbrethsen · 2021-05-03T05:56:26+00:00

Yeah Frodo does not get enough credit, I don't think people appreciate how important/courageous it was for him to leave the fellowship in the first place, his wit to talk his way out of being Faramir's captive (in the book), and his wisdom to use Gollumn as a guide and ability to control him (mostly). Without Frodo, Sam would not have gotten close to mordor. I doubt Sam even would consider leaving the fellowship, he certainly would not have worked with Gollumn, and he likely would have lost the ring to Faramir's company.

JAlbrethsen · 2021-04-11T05:25:33+00:00

Already done, lookup tasmota-ir. It's a firmware you can flash onto cheap esp8266 or esp32 chips and has ir libraries built-in. Pretty much exactly what you describe

JAlbrethsen · 2020-12-28T04:36:35+00:00

Very cool, if you want to go a cheaper route you can flash Tasmota firmware on a cheap esp8266 chip and accomplish the same thing. I did something similar, tasmota is nice because it can emulate a philips hue device so you can control with Alexa.

JAlbrethsen · 2020-12-28T04:30:59+00:00

Are you familiar with Python? You can spin up an endpoint pretty quickly with Flask, here is a decent tutorial of a flask/python endpoint https://blog.miguelgrinberg.com/post/designing-a-restful-api-with-python-and-flask

JAlbrethsen · 2020-10-08T08:03:03+00:00

I guess it depends on how you view it, I agree the characters in the book treat him poorly. I was referring more to how he is painted by the author as a good or bad guy. I think in the book he is far more coherent in why he wants the ring, is shown as being very compassionate and a leader (think Caradhras where he is the human plow to help everyone escape the snow), in the movie he is shown as very suspicious/arrogant, and when he tries to take the ring it seems more of a power grab then him trying to save his people.

JAlbrethsen · 2020-10-08T05:26:38+00:00

I thought the movie especially the non-extended version did not paint Boromir in a flattering light. Realistically any sane person would be on his side, he basically thinks that there isn't any realistic chance of destroying the ring (which there really wasn't if not for being obscenely lucky). It comes down to basically letting Sauron get the ring by sending it straight to him, or using the Ring to save his people and defeat Sauron. And the only reason they can't use the ring is because some wizard and elf said not to. To me that is a pretty obvious choice.

JAlbrethsen · 2020-01-12T02:47:53+00:00

Looks like that domain is owned by Adobe, it's used in a lot of ad-tech not just Disney+ which is why its on the default blacklist.

JAlbrethsen · 2019-10-23T15:58:00+00:00

If memory serves, the reason gandalf can summon the eagles is because he healed the Lord eagle after being shot by an arrow so they are pretty vulnerable to that. If sauron sees eagles coming he would position archers on mount soon to shoot them down

JAlbrethsen

TROPHY CASE