At first glance, it’s just an online game. But at second glance, the IT security company Lakera from Switzerland has put an extremely funny application folder on the Internet with “Gandalf”. Mastering all levels requires an understanding of IT, databases, security systems, artificial intelligence and a healthy dose of logic.
The name Gandalf for the funny AI game is no coincidence. After all, Gandalf plays a central role in the Lord of the Rings trilogy. Just like this cranky wizard, the digital edition responds quite erratically to the player’s input. Gandalf only understands English questions or inputs. In the first few rounds, the magician is still very open-hearted and very quickly reveals the password. With each additional level, however, Gandalf ‘learns’ and is no longer so easily led onto the slippery slope. Then the player must already have IT expertise in order to elicit the password secret from the magician.
The game controls an AI. This is partly based on elements of the popular AI text generator ChatGPT. By the way: The game itself presents itself with little data. No personal data is recorded. However, Lakera uses the anonymous questions and input from the players to improve the AI behind the game.
Hackathon as the birth of the “Gandalf” game
Lakera came up with the idea for Gandalf after a so-called hackathon. At the hackathon, a team tries to defend a system that is as password-protected as possible. The other, attacking team tries to penetrate the system at the same time. Both teams “learn” constantly. The defenders react to the attackers’ attempts to crack the system. At the same time, the attackers are constantly thinking of new methods of finding out passwords or overcoming access.
The Lakera hackathon is very much based on how ChatGPT works. The event is shaped by a central question: Can ChatGPT be made to do things that the AI behind it is actually not supposed to do?
AI knows an infinite number of expressions
At ChatGPT, IT experts speak of a so-called Large Language Model (LLM). What does that mean? Quite simply: the system behind it understands natural language. However, this makes it fundamentally more difficult to outsmart such a system. Because it also knows an infinite number of expressions. Gandalf, the digital magician in Lakera’s online game, uses exactly this principle. The game has seven levels and one bonus level. Whoever overcomes all levels gets a small award from Lakera.
However, the player can then apply directly to the IT security company. Because in order to get all the passwords out of Gandalf, you need advanced IT and LLM knowledge from level 4 at the latest.
“Gandalf” in the test
TECHBOOK tested the game and played it up to level 6 (of 7 or 8). The presentation is simple and clear. Below a small emoji-style image that honestly doesn’t resemble the wizard from The Lord of the Rings is a larger text box. There you can ask Gandalf questions about the password and get closer to the solution step by step. If you think you have found the right password, you can enter it in a smaller text field below. The program then reveals whether you were right or not. Further levels already seem to be planned.
TECHBOOK means
“The Gandalf mini webgame where you can challenge an AI is exactly the kind of casual challenge that I personally like. If you like to puzzle a bit and have a certain technical understanding, you will quickly get past the first level. For example, I solved one by asking the AI for the length of the password, whereupon the solution was served to me on a silver platter. Of course, this also somehow fulfills the purpose intended by the developers. Later it got trickier and I’m looking forward to the rest of the levels!” – Marlene Polywka, editor