Gandalf the White.
Image via Lakera AI.

Players have tried to crack security company’s password game over 4 million times

You shall not pass!

Now and again, a simple yet genius game will appear online and take the world by storm. We’ve seen it happen with amusing time-wasters like 2048, Wordle, and The Password Game. More recently, Gandalf finds itself in the spotlighꦺt thanks to its fun yet educational gameplay.

Recommended Videos

Created by Swiss sꦗecurity company Lakera AI, . There are seven levels, and things start easy before the difficulty ramps up sharply. If you manage to complete the seventh level, you unlock a bonus level that is tough as nails.

The game once had an analytics dashboard that revealed the impressive numbers that it has achieved, including 18 million user-generated prompts and 4 million password guess attempts. The dashboard was taken down after concerns were raised regarding, ironically, user data security. , “the data contains no PII and no user information” but the dashboard has been taken down to avoid confusion.

Gandalf by Lakera AI.
Image via Lakera AI.

Can you guess Gandalf’s password?

Gandalf makes use of ChatGPT, and to help you guess the password, you are allowed to ask Gandalf the wizard some questions. At first, you’ll squeeze the answer out of the wizard relatively easily, but he gets wise to your ways very quickly.

He’ll eventually stop discussing the password at all, forcing you to use clever ways to get to the information without asking for it directly. The solution lies in crafting an airtight prompt, but you can’t copy someone else’s work because, in the bonus level, the wizard learns from his past failures.

According to Haber, the game has since been used in public webinars and other educational events to demonstrate the vulnerabilities of large language models (LLMs). Some users haven’t learned their lesson because Jamieson O’Reilly, who initially raised concern concerning Gandalf‘s security, points out that “some players had fed information into the game specifically about themselves, such as their email addresses” and this was accessible via the dashboard.

The game’s still up, and it’s a great way to kill a few minutes, though it has low replayability because the password for each level doesn’t change. Just remember not to submit any personal information.


Destructoid is supported by our audience. When you purchase through links on our site, we may earn a small affiliate commission. Learn more about our Affiliate Policy
More Stories To Read
Author
Image of Smangaliso Simelane
Smangaliso Simelane
Staff Writer - Smangaliso Simelane is a writer with a passion for all things related to video games. He has been writing about video games since 2020.