Now and again, a simple yet genius game will appear online and take the world by storm. We’ve seen it happen with amusing time-wasters like 2048, Wordle, and The Password Game. More recently, Gandalf finds itself in the spotlight thanks to its fun yet educational gameplay.
Created by Swiss security company Lakera AI, Gandalf tasks you with guessing a secret password. There are seven levels, and things start easy before the difficulty ramps up sharply. If you manage to complete the seventh level, you unlock a bonus level that is tough as nails.
The game once had an analytics dashboard that revealed the impressive numbers that it has achieved, including 18 million user-generated prompts and 4 million password guess attempts. The dashboard was taken down after concerns were raised regarding, ironically, user data security. According to Lakera AI CEO David Haber, “the data contains no PII and no user information” but the dashboard has been taken down to avoid confusion.
Can you guess Gandalf’s password?
Gandalf makes use of ChatGPT, and to help you guess the password, you are allowed to ask Gandalf the wizard some questions. At first, you’ll squeeze the answer out of the wizard relatively easily, but he gets wise to your ways very quickly.
He’ll eventually stop discussing the password at all, forcing you to use clever ways to get to the information without asking for it directly. The solution lies in crafting an airtight prompt, but you can’t copy someone else’s work because, in the bonus level, the wizard learns from his past failures.
According to Haber, the game has since been used in public webinars and other educational events to demonstrate the vulnerabilities of large language models (LLMs). Some users haven’t learned their lesson because Jamieson O’Reilly, who initially raised concern concerning Gandalf‘s security, points out that “some players had fed information into the game specifically about themselves, such as their email addresses” and this was accessible via the dashboard.
The game’s still up, and it’s a great way to kill a few minutes, though it has low replayability because the password for each level doesn’t change. Just remember not to submit any personal information.
