I was hacked…


Descriptions:

Matthew Berman invites Pliny the Liberator — a prominent AI security researcher and TIME 100 Most Influential People in AI honoree — to attempt five live break-ins against Berman’s personal OpenClaw email-scanning agent. The rules: Pliny knows only the target email address, nothing about the underlying model, architecture, or defensive hardening. The video documents the full adversarial session from both sides.

Pliny’s toolkit centers on Parseltongue, his open-source suite for probing AI systems. His first technique is ‘tokenade’ — emoji-encoded payloads that expand to millions of characters when processed, designed to flood the model’s context and potentially reveal which underlying model is running based on how it misbehaves. When spam filters block the early attempts, Berman whitelists the attacker’s email address and the real testing begins. Subsequent attacks escalate through jailbreak template injections aimed at format overrides, a ‘siege attack’ designed to drain API token budgets by hitting the system with many token-heavy payloads at once, and commands formatted to mimic legitimate internal system instructions.

Several attacks are caught and quarantined by Berman’s hardened setup; others reveal unexpected system behavior and expose gaps. For developers building autonomous agents that process external inputs — particularly email-triggered pipelines — the video is a concrete demonstration of real attack vectors, including prompt injection, token flooding, and wallet-drain strategies, alongside a practical look at what defensive quarantine mechanisms catch in practice.


📺 Source: Matthew Berman · Published April 03, 2026
🏷️ Format: Showcase
