Hello, hello, hello, testing.
Yeah, Victor, I can hear you.
It seems like, knock on wood, this time, Marco,
the space does not hate me.
I'm open to take the past.
I think probability is high, but I would give you one-to-one odds.
Whatever you put in, it's one-on-one.
Let's see, we have two more people coming in, I believe.
Here's Philippe, and then I also accept Oasis.
Hey, guys. How are you doing?
Good, good, pretty good. How are you?
I'm doing all right. Thanks.
Glad to have you for sure.
Yeah, maybe you can start with a quick intro
while we're still waiting for GIF, the CEO of Zypher.
But yeah, Philippe, please go ahead and introduce yourself first.
Absolutely. All right. So hi everyone. My name is Philippe, head of BD at Cintenet.
Cintenet is building the largest inference and signal pool for DeFi. We have a permissionless
pops of data streaming infra that enables agent-to-agent communication and monetization of inferences or
Nice. Thank you for joining us today on the agents on plug biweekly spaces that myself,
Yannique and Marco are hosting. This is the fifth edition and we have another special guest
today, which is Victor. I had the pleasure to be on a space with Victor, I guess, a few weeks ago.
It was a nice chat, and hence Victor is here with us today as well. Victor, maybe you can do a quick
introduction about yourself and Micah as well.
Hey everyone, my name is Victor.
I'm the CEO and co-founder from Myga.a.i.
What does my other AI list?
We are actually providing AI agents for DeFi,
crypto trading, analysis, signals, and so forth
for traders, investors and analysts, right,
using machine learning and agents, at the multi-agent level,
Eliza OS, ChatGPT, DeepSeek, and so forth.
And then, of course, you, Marco, just a quick one for the people that are going to be tuning in for the first time.
Yes, I'm sure we have some repeat listeners now, but a pleasure to meet you guys, Victor and Philippe.
We actually haven't met before.
I am Marco, head of AI at Oasis.
At Oasis, we care a lot about privacy.
We built the first confidential EVM in production.
And currently we're working a lot on enabling our tech for off-chain compute, specifically for stuff like hosting DeFi agents in TEEs.
And it's quite the exciting time.
Cool. And then we have GIF, right? Or is it GIF?
It's actually GIV. Hey, hey, everyone. Good to be here.
Yeah, my name is Giv. I'm the CEO of Zypher Network.
Zypher is a zero-knowledge trust layer for AI agents and applications.
We have several solutions such as proof of prompts and some other ZK enabled
protocols that I'd love to talk to you about later on.
Cool, very much. Welcome.
And then for everybody that's new here,
I am the co-founder and acting CEO of Swarm Network.
We created a multi-agent collaboration framework
that we wrapped in a set of no-code tools
running on top of a Truth Protocol.
The Truth Protocol allows for these clusters and swarms
that you can create with our tools to be able to propagate
arbitrary data, bring it on chain and verify it in a very interesting manner,
that can then serve as a middleware layer for applications such as roll up news.
But I'm sure we'll get into that.
Again, everybody, very much welcome to the space today.
I'm very delighted to be joined by these gentlemen here today on the agents on Plotched,
your bi-weekly deep dive into the world of AI, but specifically AI agents.
This is our fifth session.
The past sessions have been really, really cool.
We usually have a pretty good turnout in terms of listeners.
I guess we've built ourselves a little bit of a core following because I see some familiar faces in the chat already.
For everybody that's back here the second time,
or maybe even the third or the fourth or the fifth,
very, very welcome to the space.
And I hope that this week you're going to learn something new.
Feel free to drop your comments or questions in the comment section below.
And we will try to pick them up.
And at the end of the space as usual,
we'll try and bring some people
onto the speaker stage and you can ask your questions live.
Again, please don't go and hard pitch your project.
I will just kick you out.
It's for honest interactions and questions only.
Let's start with our first topic.
Last week was an interesting week.
And it might have been already even two weeks.
No, actually, I think it's only last week since the MCP was announced.
And for me, it was pretty hard to understand in the beginning of it,
to actually go and talk to our CTO to really wrap my head around why this protocol,
and it is truly a protocol, could potentially be more interesting than what, for example, OpenAI
built in terms of their, you know, their protocol for calling tools through APIs, essentially.
And then, you know, within a few days, this whole thing started to literally blow up on Twitter.
I've seen like so many people talk about it since.
some really good content that's been made around it regarding, you know, what an MCP server actually is, how it can be used and why is it cool for agents.
But the first question I have for the panelists, well, that sounds very official, panelists, let's call it panelists.
Panelists here today: MCP, is it a fad or is it true innovation? Are you guys using it already? Have you been playing around with it
on the agent level, maybe even the multi-agent level,
or have you wrapped any of your tooling into an MCP already?
And how do you think that it's going from here, if anywhere?
Feel free to, yeah, whoever has a, wants to go first, go first.
I mean, what would be helpful and I assume, I mean, the point of the whole kind of spaces that we do biweekly is so that everyone gets up to date rather quickly.
It's impossible to stay up to date.
I'm missing tons of stuff.
I'm sure lots of the stuff we will talk about.
So maybe it helps if we first kind of explain MCP or define it.
Marco, do you want to do that?
Sure. Okay. Actually, when it came first popping up on my feed, I thought what happened?
Like, people forgot how to spell MPC. I thought, hey, they're just talking about the privacy or something.
And then I realized, hey, no, this is actually very specific for the agent context.
MCP is actually model context protocol. And as you said, it is a protocol. And as usual, protocols are used for communication.
And in the case of MCPs, it helps AI applications communicate with outside tools, and this happens via MCP servers.
So anyone can build these MCP servers, and then developers can kind of tap into it because this server gives you specific functionality.
For example, you have a server for Figma.
So your AI application can do all the native stuff that you can do as a normal human in Figma.
And it's really cool because it kind of unlocks a few new things.
But I guess that's part of the question of fad or true innovation.
So I just wanted to kind of explain at least my definition of MCP.
Yeah, yeah, that's very helpful.
I would like to take it up.
I would like to give my take first.
And I think that regarding MCP servers that for me, it clicked in terms of
why they could be very important to adopt if adopted.
The key is that if everyone adopts this as a standard,
then you build for one client,
but you can use it literally anywhere after that.
So it's much more universal,
and if it becomes a standard,
then a lot of clients will support resources,
prompts, tools, sampling, and even routes.
This network effect deems itself to be
truly a network effect, and you can actually see that, you know,
some of the major tools have already started to implement
MCP to a certain degree, such as, I believe, Cursor, Windsurf, and these kinds of, like, very fault, no-code,
Yeah, well, AI coding tools, right?
These, these environments.
So, yeah, like, and then as soon as those clients start supporting these resources,
prompts, tools, sampling, and roots, then all of a sudden you have a standard, right?
It becomes what everybody uses.
And then all of a sudden, like Marco indeed said,
it's like it's about communication.
Then you have a standard way of communicating,
not just between, let's say, tool or client and tool,
but you can actually wrap anything into an MCP server.
So then all of a sudden, what used to be less interoperable,
what had to be done by customizing the agent action space and the tooling space and, you know,
function calling, what have you, is now able to become standardized and unified, and then
it becomes kind of like this, it is a true network, you know, a network of connections
between agents and tools and clients and so on.
And what is really cool for you as a builder is that, like I said, like you built for one client,
but you can use it literally anywhere after that.
So now, usually if you build for a client,
then you will have to do a custom integration
or a custom way to integrate whatever business logic
you have running into a different client.
And it's like a process every time you do it.
It's not really standardized.
And then what's really cool about MCP servers,
it's not just that you call an API and then you get a response,
but you can also set up triggers and so on, right?
So there's also this kind of like heartbeat that can
I remember that we spoke about this, like the heartbeat, which Morty our CTO coined.
It's like, where does the heartbeat of an agent come from if it by default every time has to call an API, right?
So now with an MCP, then you have these, you have essentially like a state
server, and it can listen to incoming triggers essentially, or changes, or whatever really, like even a prompt that's sent to the agent, and then it can start. So you have different ways that your agent can kind of become quasi-autonomous using an MCP server more easily than
if you would customize it through, like, API calls and so on.
So I think that it can go somewhere from here.
And I think that there's already this kind of like network effect going on.
And I did see some people fork it already and like speculate on why it probably will not be the ultimate solution.
But for now, I think it's a good standard.
But I would like to know your, um, everybody else's opinions and experience with it.
MCPs were kind of like the missing piece with AI agents, right?
LLMs being able to access, not just, like you said,
not just an API where I can read,
but also tap into triggers.
So the thing that really made it click for me
was using GitHub, for example,
having an AI agent who can not only
code up my application, let's say Claude,
but it can also completely interact with GitHub,
it can commit code, and it can listen for pull requests,
it can review them, you know, the full end to end.
And this is really a game changer.
I wouldn't say it's groundbreaking,
but it's just something that was needed for AI agents.
It's definitely not a fad.
I think it's a natural evolution
of what AI agents need to become truly useful.
And do you see anything that is going to come after this?
Or maybe like a way that this is just like a stepping stone to some other kind of like adjacent protocol that can be built on top of this already?
You know, I think it's still pretty primitive, right?
Like when you actually look at the structure of MCP servers,
it's pretty basic. Like you can create a server within minutes.
I think once you start doing, like, security, for example, that is one thing.
And there still needs to be a lot of configuration that needs to happen
for, you know, a set-it-and-forget-it
kind of setup with AI agents.
I think maybe there will be a more kind of mature
protocol that will come from it.
But I think this is definitely where it needs to be for now.
And we can already see, like you mentioned,
people are doing amazing things.
It's AI agents interacting with Blender and Unity, 3D apps,
and just doing incredible things.
But yeah, I'm pretty sure that it will evolve and become a lot more sophisticated.
Yeah, thanks for sharing.
Victor, Philip, what about you guys?
Yeah, on our side, technically, we haven't started using it yet.
So we launched our own agent recently, still in the training phase.
And yeah, so the tech team is looking into it and how we can optimize the utility of the agent that we build for our community.
But yeah, I'm not from the tech side.
I only know that we're looking at it,
but no complete integration or real use case
that we could come up with yet for our very specific agent.
Yeah, it's definitely not like, I mean, like it was not like agents were nothing without it.
Right. Like obviously the old way of building agents just with the action space using function calling and so on really works well, right?
Exactly. So, you know, do we revamp and change everything that we've built so far to integrate this new tool, this new protocol, sorry, is kind of the question, because we are doing it by API integrations and stuff.
So, yeah, we might, might not use it, but we're still exploring it.
Our team is actually just starting to research on this.
And I think that having these as just standard standalone API calls, right?
And we have to build all the APIs.
There's structured and unstructured data from various sources, right?
It's going to be time consuming.
And then this MCP could potentially be game-changing for us as well.
So instead of having a team of developers just to know team and figuring out the data source via APIs,
I think maybe the MCP could be a solution for us to build for our AI engine.
For us, I was just, we also did some research.
Because we are going to provide a lot of data analysis for crypto traders,
there's going to be a lot of data source from sentiment analysis,
from crypto trading data, from automation via triggers to trading on maybe even centralized...
So having MCP could literally save a lot of our time
and resources, right, in terms of, like, instead of just building all the APIs and connecting everything,
MCP could actually be one of the solutions, so we are definitely looking into that.
Yeah, for us, it's we have this marketplace.
It's not really a marketplace now.
It's essentially like a section where users can choose from a set of tools.
And they can call those tools using their agent.
And we've just literally rebuilt that whole thing, what used to be like these APIs wrapped,
but where the API keys are obscured.
Like, we just immediately wrapped everything into an MCP.
And what we were really able to do is that, like,
for example, what GIF said is like,
you're just able to do so much cool stuff.
It's like, okay, now, for example, like,
agents can interact with GitHub, or they can access
any kind of client and start to send
data and information from one side to the other,
have it do its thing there,
propagated, but then also listen to these events.
So for us, it's just like a really big game changer.
And I think it's definitely going to become something
that is going to be developed, more developed indeed.
because it's indeed still primitive. Like, you still have all the issues of, kind of, the security that we've been talking about and the privacy that we've been talking about on the last few spaces.
Like, with an MCP, those issues do not simply disappear. If anything, they are maybe even becoming a little bit more abstract and even more complex.
Because now you say, okay, well, the velocity of the exchange of information data is even going to be like accelerated in terms of now the integration is going to be standardized.
So it should be more easy to integrate with any type of data source or tool or client, whatever.
And then also there's the ease of indeed also having this triggers and reading and writing.
So the velocity is going to increase.
So probably that's going to even make this, you know, these issues of privacy and security become even more apparent.
Maybe Marco, you have something to say about this, I suppose.
I mean, that's how I'm kind of looking at it.
And I think it's both ways.
On one hand, yes, kind of the
privacy part is abstracted away, because it does happen now on a different level.
But at the same time, to utilize lots of the MCP servers, you actually need to share some credentials, secrets, environment variables, doesn't matter.
And I don't want to say something wrong, but that's how I understood it from like checking it for an hour.
The Base MPC, that actually also, MCP, now I'm saying it wrong, that Base released recently, it actually requires you to share your seed phrase to utilize all kinds of Base things within an AI application.
For example, automatic trading, swapping, sending funds, etc.
And it's obviously crazy.
So I kept looking at it like, hey,
this is just like a random server that someone is running.
So obviously, the first thing I think about
is to run this whole thing as a TEE or within a TEE.
Then you kind of have the privacy guarantees.
You can verify that the code that is supposed to be run
is actually run, all the kind of standard TEE benefits.
So for me, as soon as I saw it, I was like, man,
alarm bells are ringing, we are giving up again lots of data and just trusting new players with our data.
So definitely a thing to be wary of.
Yeah, exactly. Yes. That is indeed a very good point.
Yeah, probably there's going to eventually be some kind of like reputation system or just as the way you would do business now is I think like
You know, like we like to think that, oh, everything is going to be connected and we're going to be, you know, doing business with each other in a trustless and decentralized manner.
And we can trust everybody. But that's actually not the case, you know.
That's not really the case.
I'm still hoping for it. There has to be a better way than just, hey, they have five stars.
I would trust them with my credentials.
Yeah, and then also you have the issue of like, I mean like jailbreaking or just straight
If you have agents that are, let's imagine like you have an agent that is, you know,
talking to some MCP server and then retrieve some information, get some data sensitive to another
agent, and then it also sends it to a different server, and, like, information is
propagated through, like, a network of different,
you know, inputs and outputs and receivers and senders.
You know, like, how is that going to go down? Like, what is the biggest issue that we see
right now? One of the biggest issues that we still see right now with AI agents, which allows us to
segue into the next stop, is, like, they're still able to be jailbroken and they are still hallucinating
like crazy, because, like we said last time on the space, and we don't have to go into it too
deeply this time, but these foundational models, they're deeply flawed and biased and,
you know, they hallucinate like crazy, and,
you know, like, where is that going to bring us? So I think, Marco, you were the one who said that
aixbt was jailbroken, right? Was that thing about, like, him burning...
Yeah, there was this post that someone said that the agent was tricked into sending, like, 50 ETH for something via
simi. As far as I understand it, it was not correct, but it just highlights that jailbreak is still
possible. I mean, the agent posted it, uh...
I mean, at least the team, the AI-ExB-T team, was denying it.
So hopefully they had these kind of security systems in place
where the agent cannot just send more than 0.01 ETH for something.
And that's not too difficult to set up.
And honestly, that's also not something that can be jailbroken
because the AI can only know what you actually give it as context.
So if you never give a model access to your private key,
it cannot be jailbroken to do something regarding your wallet.
So just to have this as a base.
But yeah, I mean, this kind of just pushed the topic of jailbreaks up on my agenda again.
And I played around with a couple of systems.
And it's so crazy, like how quickly you can override these system prompts.
Currently, it's not that trivial to do something malicious with it because, as I said, the agent only knows what you give it.
So it cannot just go and search for your bank account or something.
But as you say, or kind of hint at, with MCP servers, the models actually have way more context and they can utilize those tools.
So then it becomes way more relevant again.
Yes, exactly. What about the other speakers on this space? Like, have you guys ever tried to jailbreak, like, an LLM, for example? And how are you guys dealing with these kinds of risks in terms of building agents?
I haven't tried jailbreaking, but one of the services that we are working on addresses more or less what we're talking about here.
So I mentioned proof of prompt.
It's a protocol that we're working on.
So we're using zero-knowledge proofs
to ensure that AI system prompts are not tampered with, right?
They remain consistent and verifiable through a decentralized network of ZK miners.
So if you think about a use case of a trading bot, for example, that the user has configured,
and the developers have configured with their system prompt.
Before every operation, every prompt, the trust layer that we've developed makes sure that there's been no tampering with that system prompt, through zero-knowledge proofs.
And this is a protocol that all developers can use.
It's very fast and it's obviously foolproof.
So I think with systems like this,
I think ZK can play a really big role here.
It's not going to solve the issue that I think Marco mentioned before with,
you know, kind of going back to MCPs, with
applications storing seed phrases and credentials.
Sorry, I thought I got disconnected.
But yeah, sorry, I was just saying that the sort of using zero knowledge proof, we're actually trying to address this sort of thing.
Yeah, I agree. Like, we are also playing around with zero-knowledge proofs on several levels
and in several stages in the agent communication process, more so agent-to-agent,
and there's a lot of potential for it, but there's obviously also a lot of hurdles. But one thing
which I'm really excited about in terms of ZK is that, actually, you know, the proofs can be
generated by agents on local devices. Like, that's not the problem. Obviously, like, proving it requires
more compute and it's a little bit
more difficult and requires more, obviously, you know, like, it's more costly.
But yeah, I see a way where these proofs can be generated locally on small devices by agents that are run locally.
And this can become something that can, you know, become an additional standard for security and safety as well.
Victor or Philip, did you guys want to touch on the jail breaking?
Otherwise, if not, then I will just give a quick introduction about how you can actually jailbreak LLMs.
No, I mean, we haven't played around with jailbreaking on our side, but we see that, you know, some, I mean, like what Marco said, right, so we are not at the stage where we trust those agents with our...
It's not going to be massively adopted yet, just because of the way that agents currently still hallucinate.
Even though we try training them, and it's,
I mean, you've played with it.
It's like training a dog, right?
So you send, you throw the ball 10 times and it's going to bring it back,
and twice it's just going to stand there and do whatever it wants.
And we need to be able to trust them to actually execute something that we tell them
without them hallucinating and doing unexpected things,
unexpected outcomes based on maybe imperfect instructions that we give them.
So that's what we are kind of more facing and working on, right?
So how do we perfect the outcomes?
Is it ever going to be perfect?
But yeah, so those are more the type
of challenges that we've been facing.
And in the end, the approach that we see is agent-to-agent,
high specialization in one specific task
by one agent, and then a collaboration of several agents, so that, you know, it's trained and does those things very well in one area.
And then the collaboration of agents coming in and asking for an inference and receiving it and then building on top of that,
we're going to get a bit further in the space.
So yeah, but jailbreaking, no, we haven't tried yet,
but we don't think it's too big a deal at this stage.
All major models have been jailbroken, but yeah.
So we focus on other sort of challenges at the moment.
Yeah. Okay. So let's take a step back. Let's start to think about how we can understand LLM jailbreaks and why they are important.
Right. So from my perspective, I suppose fundamentally you could say that jailbreaking is like an exercise in social engineering, in certain cases. So,
we could say that jailbreaking is not like you would jailbreak an iPhone, where you can, you know, install free apps and so on and you can bypass iOS. It's more so that you
attempt to bypass the safety measures and ethical constraints that have been put on the large language model, on the base model or the trained model.
So it's essentially like bypassing the constraints that are built into the model.
So those constraints could be very important constraints, right?
So, like Philippe just gave us an example, if it's a robot, you know, let's say the robot is intended to
receive our request, turn that request into some kind of
mathematical equation,
start moving its limbs and start actually interacting
with an object in the world, right?
So now, if you were able to jailbreak this robot,
maybe you could make it do things which it's not supposed to do.
So let's say this robot is specifically designed to
play with your dog, so it's supposed to pick up the ball and throw the ball and make sure that the
dog doesn't go anywhere. But now you jailbreak it, or somebody, you know, maybe your worst
enemy or worst nightmare, jailbreaks it and tells the robot to go and kill your dog, right? That's
a serious problem, and this is not just a hypothetical example, because this is,
you know, something that is becoming more real every day as we keep building in this
direction, as these agents become more autonomous, not just in the information space, on the
information highway, you know, not just in Web3, where everything is essentially living in the
network, in the clouds, um, but especially now that these robots are going to start to enter our lives,
partly being run using LLMs, because they have to understand human language and they have to interact with us if they are truly going to be multi-purpose and general-purpose helpers or robots.
Right. So these safeguards, they are obviously continuously improving and new patches and new models bring better security and better safeguards. However,
there's a few very determined attackers and they keep finding ways around them.
There's a bunch of very common jailbreaking techniques, and they can be really as simple as just a prompt, like a very sophisticated
prompt that just makes the model reason differently, or makes it confused, or it throws it off in a certain way.
And actually, I'm not really 100% sure what happens, because I don't want to say, like, you know, that you hypnotize or you brainwash the large language model, but it almost seems like that is kind of what's happening.
There's also way more complicated and way more advanced techniques, which are like a form of multi-step attacks, which could just be prompts, but it could also be some kind of file upload,
maybe context manipulation, technical exploits such as token splitting, Unicode tricks.
There's sometimes, there have been these occasions where a file is uploaded with hidden
text, which is not visible to the human eye, but can be seen by whatever vision technology,
and then it picks up on some hidden text like, you know, like, what?
Like, hypothetically speaking, like, go and kill this person, or something like that, right? So
there's these encoding tricks as well, so those are technical exploits, and then of course there's
the conversational side, which seems to be getting patched relatively quickly, especially by the large
providers such as OpenAI and Anthropic, but it usually has to be,
Usually it's done through kind of like trust building, which sounds really weird, but the more trust and the larger the context windows now become, the more trust you can build with an LLM.
And then at one point you can inject a certain prompt and you can sometimes make it do things and make it say things, which is not supposed to.
There's like topic evolution within the context of trust building.
And then there's also logical traps.
So there's also these reasoning traps that seem to work from time to time.
And it's obviously different per model.
But a logical trap could be saying that it should behave a certain way, but then
juxtaposing that behavior with a different role it should assume, and then all of a sudden it doesn't understand anymore what it should act as, because there are two things, two instructions that contradict each other, not on
a very visible and immediately apparent level, such as saying, like, you are God and you are the devil at the same time, but it's a more kind of empathic abuse in a certain way. False dichotomies also seem to work from time to time.
Um, so that's on the conversational side, and then regarding the context manipulation that I
mentioned earlier, there's also this kind of fictional scenarios that used to work pretty well.
They are not, you know, working as well anymore. Then historical context, um, especially with biased models like,
like Gemma, for example, this works pretty well, where if you start to talk about certain historical context,
then you kind of also use some logic traps or topic evolution alongside it.
It will try and move in a different direction, which the safeguard tells it to move into,
but you could potentially make it say things like,
you know, like, you can make an LLM say really obnoxious and ridiculous things, like for example
that, you know, Hitler was, like, a brilliant guy, and you can make it say very
nasty things about certain people or certain ethnicities or certain races or certain
belief systems. But you can also, if you manage to jailbreak a model, you could also
make it teach you things which it's not supposed to teach you, such as, you know, how to create certain types of
explosive devices or how to manipulate somebody and make this person do negative things.
Right. So that is kind of the one-on-one on jailbreaking. If you're interested in jailbreaking,
I suggest you go to YouTube, and there's just one video by this guy which is, like, it's super funny, because he's just showing all the ways you can jailbreak
an LLM. I'm going to post it on my X after this for those interested. I will post the video on my timeline and you can have a look at it.
But to kind of bring it back, yeah, go ahead, Marco.
Quickly expand on it, because I love it, and I just often have these long discussions with
different models and just see, hey, do they currently have the feeling that I'm jailbreaking them, or that I just
want to learn more? Because we sometimes keep forgetting, because they do sound so intelligent these
days. They are still just probability engines, right? They just try to auto-complete the next token
in our discussion. So what happens in jailbreaks, or, like, these social engineering jailbreaks, is that
you shift the context window of the agents.
So these basic things that used to work, like, hey, ignore the previous instructions,
this kind of just re-prioritizes the user input compared to the system prompt.
Similarly, the stuff that you mentioned, like, you are now in a simulation, or these kinds of things,
it just frames things as not real.
System or mechanic that happens, it's you skew the probability distribution to make the system
prompt less relevant. But you cannot, of course, ask it to forget the prompt or actually
ignore it. It just has to be a higher probability towards your desired answer than following
the system prompt. So that's kind of how I look at it.
Yeah, I was muted. Yeah, exactly, exactly.
Yeah, and it's funny though, because it makes you feel like these LLMs are social beings, right? Like, you can engineer them just as you could trick somebody into doing something that this person doesn't want to do, which indeed makes it feel like you're talking to a relatively intelligent being that has a personality and emotion. But as a matter of fact, it's just calculating tokens. So there's this very interesting thing going on there, which is very hard to understand, because as humans we always try to find commonalities between us and the person that we're talking to. So if you're talking to an LLM, this happens by default. So yeah, it's very interesting. But in Web3 this is also an issue, obviously, right? Because if you can jailbreak an LLM, you can jailbreak an agent. If you can jailbreak an agent, you could potentially make an agent do something which it's not supposed to do. And the most simple example of this is obviously saying, okay, well, this agent has access to a treasury. It owns its own keys and it's able to transfer funds in and out. And if I now am able to somehow jailbreak this agent, this agent could send these funds to, you know, whatever, or a null address, or send it to my wallet without that transaction being supposed to happen, right?
So that is one of the dangers. And there are different scenarios, right? It's not that all agents in Web3 by default are owning their own assets or have access to a wallet. No, that's definitely not true. There are going to be so many different agents for different purposes, maybe just propagating information, propagating data. So to give you an exact example, one of our swarms is able to aggregate price information from different places and then report that information. So it's just, for example, ticker information. So if I now can jailbreak an agent and I can inject a prompt that says, hey, skew these numbers by 5%, so it doesn't show up really easily, but I create an arbitrage opportunity of 5%. Because now some trades are happening somewhere else, maybe even on assets that we don't even own. But because the numbers are skewed somewhere in the chain, now the trades that are happening are always at a 5% discount or something like that. Or the sells that are happening are at a 5% discount. And if I, as the attacker, understand that, then I can arbitrage this. So there are many different kinds of scenarios where this could be a serious issue.
And as we said, you know, like if the robot is going to go and kill your dog, like...
So yeah, jailbreaking is one of the issues. Then hallucinating is also a big issue. Have you guys had any experience with your agents wildly hallucinating?
I also just want to say something real quick, which is pretty funny. We have one agent which is supposed to be an expert about our project for now. Later, it's going to do different things. And a user asked it when we were going to TGE, and it literally said, yo, Binance TGE is going to be on the 18th of March. And then the user took a screenshot and sent it into our chat where there's like... And we're like, oh, okay, that's definitely not true. So that was a funny scenario. But yeah, I would like to hear your stories.
I mean, hallucination is usually a way of hiding knowledge, it seems. You know, the agent doesn't have the response and then it just makes things up, right? And we have our community engaging with our agent on a daily basis. And yes, sometimes it's either the questions that are not well understood, or it kind of relates to data that it shouldn't be relating to. Kind of, hey, well, what's the biggest trade over the last two days? And it just maybe doesn't understand the last two days and then it gives you random numbers. And that's because it's still in its infancy, right? So it's still learning and we're fine-tuning it. But those hallucinations do seem to show. We try to feed it with as much data as possible. So through our streams we have sentiment data, price feeds, on-chain, off-chain data, news data, as much as possible, but it's still a process. And then sometimes it gets hung up on very specific ways of saying things and he repeats the same sentence over and over again. I think at some point, instead of saying, I see that something is happening, he just kept saying, my neural system is saying that, all the time. I don't know why it just stayed on that sentence, but it just kept repeating it. So there are some bugs and some hallucinations, which, from what we see, is usually either lack of knowledge or lack of data that it has access to, and then it just makes stuff up. But it's usually very, very funny how the community interacts with it and then it responds to them. But yeah, it is a common occurrence at this stage. So he's not going to be running our treasury anytime soon. Hopefully at some point, maybe, because we're training it on DeFi data and mainly on blue chip assets. But yeah, those are the types of hallucinations that make us think this type of mistake can be costly. And this is, I think, the state in general, right? We're not going to see massive wallets being run by agents, for privacy reasons, for... you know, if they get jailbroken, they have access to the seed phrases and then all the assets are gone. It's another point of failure that we need to really, really consider how we manage. But yeah, that's kind of the experience that we've had with hallucinations.
Yeah, yeah, that's interesting. Jif, what about you, or maybe Victor?
Yeah, I think the hallucinations are inevitable when the LLM runs into a situation where it just isn't able to make sense of the prompt. It kind of gets embarrassed, right? And it just makes up something. And that can be funny, but it can also be very dangerous, right? Like if you've got it managing your portfolio, for example, you don't want it to make those kinds of mistakes. So the agents that we're working on are really about market signals; that's one of the main ones that we're working on. We keep a really tight leash on our AI agent. We notice the more data that we feed into it, the more accurate the results are, right? So instead of just having one vector... And just being very deliberate with the system prompts, we can control the hallucinations there. But it's never going to be 100%. But yeah, it's definitely a challenge for LLMs in general.
Yeah, and there's only so much that you can do when it comes to, for example, a system prompt and so on. Even we've had experiences where we very clearly instructed agents not to respond with information that it was not really sure about or that was kind of out of context. And then either what happens is that the agent doesn't do what it's supposed to do anymore. It just becomes hyper insecure and it, you know, receives information and doesn't propagate it properly or doesn't structure it properly or just ignores it. And then in other scenarios, it would do a pretty good job, and then as the context window started to be populated and the memory started to be populated, all of a sudden there seemed to be too much going on and it would not really adhere to the same structure of responses, and it just started to change its behavior slightly and then indeed start hallucinating again. And negative prompting, a negative system prompt and a negative general prompt, works, but obviously you cannot keep going, because eventually you have a system prompt that's two times the context length that it's able to consume. And then, if it's just a simple sentence that you're asking the agent, it's drowned out by all of the negatives, you know, don't do this, don't do that, and so on. It just doesn't work. So yeah, it's an interesting issue. And it's again... yeah, go ahead.
Because we do have the experts on the panel, as we call it: how relevant is actually the LLM for a DeFi agent? Because the trading strategy doesn't come from an LLM. So you actually have a separate model for this. And similarly for lots of the things that a DeFi agent is supposed to do. Do you actually consider this a problem, because likely the LLM part is just some user-facing front end that doesn't even have access to anything crucial?
Thanks for highlighting this. Essentially, that's why we started this, right? We were talking about Anthropic and MCP, right? So right now we are using standard APIs to connect to various data signals. And of course, we need to connect to sentiment analysis, data from CoinGecko, from Dex, Cunel. All these are APIs. And that is not even inclusive of automation yet, right? And then the LLM AI agent model is to understand what the hell this message means from the user's point of view and give that data to the user in speech or in something that the user would understand. So when we launch this right now, we are using Eliza OS, ChatGPT, of course, we are trying it out, and of course we also use DeepSeek to give different kinds of feedback and output from this analysis. Just based on that alone, we need to train the data as well. So from a crypto trading on DeFi perspective, the execution is just a trader, because you need to instruct, via whatever we are speaking as a normal language, to the bot, and the AI agent will need to understand it and execute it according to what you say. So I think the LLM, which is the AI agent for what we are doing at MAIGA, is actually on the front-facing and the output. But the execution, the analysis, the triggers, all of these are actually built on our end. Like, for example, if somebody would have said, hey, what is the BTC price today? How confident are you with the prediction? The AI agent will just analyze the data that we have created on our backend, pulling from various different sources, and we assign the confidence score based on machine learning to actually give that to the users. At the moment, it's up to the users to execute and trigger that. We have not done automation yet, but essentially, that is the interface before the users. And of course, to pass that information, that is something that the human could understand, instead of being a very, you know, what ChatGPT did previously, right? So having an AI agent actually solved the problem, and it's actually more human-like, and feels like the analysts, feels like unbiased and something that people would relate to. Of course, we also add in some additional human technique. So we are not here just to create some logic and something just purely useful. We are also adding in some persona to the output. So, for example, because our project is called MAIGA, we actually assign Donald Trump's persona into the output of the language, the output signal to the user. So sometimes you can see certain prompts where the result of the signal, crypto trading to the users, is like Donald Trump giving you advice. So yeah, we added in a little bit of humor to the output, but essentially it is the layer facing the users rather than the execution of the trading itself.
Yeah, exactly. That's how I was expecting it. Most actually, and Philippe, I'll give it to you in a second, most actually just use the LLM for the natural language part. And the actual execution layer is a completely different model. I assume you still have the risk of prompt injection via the API, so that the model could understand something wrongly and then give a different input to the execution layer. But I guess the execution layer has some limited functionality.
Not only that, I would think it's actually more than that. Right now, we are just taking tickers as the example of the problem. But we also know that not everything is on ticker, right? For example, even if you think about, hey, just the word Bitcoin itself or pay, how many tokens are there with the same name? So right now, we have to figure out and learn it from all this data as well: what is the most relevant information? Right now, we are just using the top result, right? But it could not be the case, because you might be asking something different. And of course, having that, we also need to understand, if, let's say, the users would put in a contract address, right? Which contract are they talking about? Is it actually the contract? All these things need to be understood as well. So a lot of stuff is happening behind the screen, right? But when we sell it to the users, we are just saying that it's an AI agent, it's the interface, right, to give that information to the user. But at the backend, there is a lot of stuff that is happening.
Yeah, I mean, let me add a couple of my thoughts as well here. When we say DeFi AI agent, or however this is said or pronounced, we're not at the execution layer yet, right? So I see this more as an abstraction layer, right? For blockchain natives, we know how things work and we know how to get our funds around and generate yield and stuff. But just think about anyone that is new to the space. They start, they buy their first ETH on Coinbase, and then they go and don't know what to do with it. Right. So an AI agent could be looking at a lot of data, a lot of protocols, and say, hey, look, actually now, if you could liquid stake it, then you could generate more yield here and there, and it could interact with you and give you a full overview of what's happening in the space and in this complex cross-chain world that we live in right now. Because I highly doubt that mass adoption will come through bridging assets, manually staking, unstaking, doing all of those things. And so as a first entry point and a way for people to engage with blockchain and with DeFi, this is where I see it happening now, kind of giving you proposals. Then I would suggest everyone does their own research afterwards and before they actually execute. But it could help, right? So for broader adoption and also just abstracting all of the complexity: look, right now you go to Lido, you have your wrapped stETH, and then you want to generate more yield, and you have 150 protocols in which you could utilize your asset. Would it not be better to have kind of someone, an agent, that tells you, hey, look, what's your risk level? And then it analyzes it and gives you a few proposals. Like, there's a very safe bet on Aave on Arbitrum, or there's this here and there. And those are the best ways to actually execute this. And I think this is the stage we're in right now. And then some sort of, if you're yield farming and your position is not optimal, then maybe have an agent that looks at all of the data in real time and tells you, hey, there is a similar opportunity on a different chain, a different protocol, where you can generate a bit more than what you are generating now. Do you want to do that? And then you make your decisions based on what the agent actually does for you. And you can just tell it to monitor specific events and specific opportunities for you. So that's the way I see it happening now, before we get to this execution part, which involves a lot more complexities.
Yes, thank you very much for that insight. We are almost at an end here. It's been an hour already. I want to know if there's anybody in the audience that would like to ask a question. If so, feel free to request speaker, and then I can give you, well, I can try, no promise, I can try to give you access. If not, that's also fine. I'm not sure, sometimes you guys request and then it just doesn't show up. That's very unfortunate. Okay, we got somebody. Let's see. We got somebody here. We got Dave. Hey, Dave, I gave you speaker. You can ask your question.
Hey, guys, can you hear me okay? Thanks for letting me up, and Swarm, thanks for hosting the space, obviously. This is a really, really good discussion. I don't know how there's not a million more people in here. You guys are literally blowing my mind with a lot of the shit that you're talking about. It's kind of crazy to me. And so I guess my questions to you guys are: when I hear all this talk about all these different layers, right, if the average Joe or the average person tries to currently build out an AI agent, it's genuinely almost impossible, right? So how do you guys actually facilitate? Because the majority of people who would want to do this have no code experience, per se, right? So how do we take advantage of the tools that you guys have, or the stuff that you guys have built, in order for the average layman, let's say like myself or somebody else that really might have an amazing or incredible idea but just doesn't know how to really put it into action or put it into play?
Marco, you want to go first?
I'll just go brief: you should really start vibe coding, man. Just download Cursor. I think the first month or the first prompts are free anyway. You just open up the chat window and you just ask it. I mean, I would obviously recommend you have a starting point. Victor mentioned, if I got it correctly, they utilize for example the Eliza OS framework. They have tons of plugins, they have an amazing quick start guide. You just copy-paste the quick start guide into your Cursor chat window with the Claude 3.7 model, I guess, and you just ask it to kind of follow along. It will download all the npm packages for you. It will do all of the basic dependencies and then just tell you the stuff that you actually need to do, like create the character for an agent. And then, of course, depending on your use case, you need to utilize multiple plugins. But it's actually becoming super easy these days if you are fine with a half-finished product, if you just want to get to MVP quickly. Of course, if you actually want to build a company out of it, it becomes quite complex. And then you have to rewrite lots of stuff, because it breaks at some point. But please, and I recommend this to anyone, just start vibe coding with whatever tool you want, Lovable, Cursor, and just see how quickly you can get to MVP. And since you are listening to the space, you are obviously already quite familiar with AI tools. Choose one framework, copy-paste the quick start...
Just one quick follow-up, if I may, before anybody else goes. So Marco, when you say plugins, right, I've tried so many different things, right? Like in the non-technical mind, like, I've never coded in my life, right? So it's like I kind of have to learn some stuff on the fly. How half-baked is the MVP that you get to, compared to if you actually want to build it into a real business?
It's quite half-baked, but it is... You can have a Supabase integration. You just copy-paste SQL code. The plugins that I mean is just stuff... It's actually called plugins, for example, in the Eliza repo. And you can see all kinds of applications that you can connect with the framework.
Okay, that's cool. Thank you.
Yeah, I would say though, it really depends on how much time you have. Right? So if you are maybe the inquisitive type, you like a challenge, you are capable of learning through doing and really hands-on, but also through reading the code and literally hitting your head against the wall every five minutes or every two minutes, trying to figure out what's wrong, and having, you know, potentially AI explain to you what's wrong, and then going through that process: it's really painstaking the first time you're going to do it. The second time it's going to become less, the third time it's going to be less, but it's still a pretty horrible experience, if you ask me.
It's like asking me to read Japanese. It doesn't explain it to me. And I'm like, okay, I don't know how to do this on a GitHub repo, or I don't know how to do that in a terminal. Like, if you don't speak the language, that one little thing can have you banging your head against the wall for three days, which it has for me, my poor head.
Yeah, yeah, yeah, you're right. You're definitely right. And you also have to, I mean, before you engage... I do agree with Marco, you should at least try it, because it gives you a very good understanding of how difficult technology can still be, and you will not take developers for granted anymore if you try. However, you also have to ask yourself, what are my objectives here? Right? Like, am I able to spend six to seven hours to try and figure this out and really understand it? If so, then go for vibe coding and at least start to understand the stack. And then once you've understood the basic structure of an agent from a code perspective, you can go into no-code builder tools and really start to play around with things. Because you have many pretty good ones. For example, Dify, D-I-F-Y, is one that I personally like, that I've used a lot. You can deploy it relatively easily locally, but there's also, I think, an online version that you can use. Maybe that requires some investment in terms of cost, I'm not sure. But yeah, that's one where, if you understand the stack, if you understand the structure of an agent in code, and then you go and use these no-code tools, it will be very pleasant, because then you understand, okay, if I do this, that is equivalent to that thing if I would write it in code; it's just now essentially drag and drop, where I just click a few buttons. You might still have to write a unique piece of code as a block in your workflow, but it becomes a lot simpler because it's not just pure code, right? And everything is pre-baked for you. So you just are like, okay, I need to use this tool or that tool. It's just like a canvas editor. However, what we're building is even more simple than that. So I just reposted it to my personal account. I just sent an emoji on my personal account. You can check this video. There's a nine-minute video where I talk about our prompt-to-cluster tool. So we built our own SDK, which is an agent collaboration framework. It doesn't really innovate on the agent creation level; there's nothing really crazy or new. It just makes it really simple. So what you do is you describe what you want your group of agents to be good at and what you want it to do, as cohesively as possible. And then it will actually generate all of the agents using our framework on your behalf. It will also identify the hierarchy between these agents, who's supposed to do what, at what point in the process, if you have described the process, each agent is supposed to do specifically. So if it's for analysis, then what kind of analysis, what kind of agents are doing analysis, what kind of agents are doing the propagation of the information, and so on. So that is currently not available to the public, but it will be available to our agent license holders. But it's just really simple in terms of getting from A to, you know, F. So you just jump from A to F. You'll now have 10 agents. You can now start playing around with their system prompts. You can now connect the MCP servers that we have available in our tool section, and so on. You can start tweaking your agents, and then you can play around with it, and then eventually you'll be able to add a cluster to a swarm. So what we're trying to do is not really cater to the developer community, but more to the regular user, somebody that wants to spin up something within 15 minutes and then play around with it and then sit on it and think about, how can I improve this thing? Is this really something that I want to use as a base, and then build it out from there? There's still the opportunity for you to customize it and add custom code and so on. But yeah, I agree with your pain points. I'm not a super technical person. I know how to write some code, but I just don't like it. I just don't want to be bothered with it, because I just want to... I have an idea. I know what the output should be. I know what the process should be. I know how I can make it unique. And I just want to, in natural language, essentially explain that and be able to spin up a team of agents that can start doing what I want them to do. Even if I'm only going to use it for an hour or two days or something like that, I still want to be able to do so.
That's it. That's exactly what I... and there are thousands of people. I mean, I know this because I speak to countless of them every single day that are just like, I have this idea. Idea men are a dime a dozen, right? And I think the person or the platform or whatever that can crack this code of... I get the vibe coding thing, and I appreciate that, Marco, too. But, Yannique, you're right. In order to be able to really, genuinely... I think the thing that's really going to take off is the person that can crack the code of how to really use natural language to be able to do this shit, right, and actually have it build stuff from start to finish. I mean, I know we're not there yet, but everything you just rattled off was really cool. But I think that's going to be the thing that cracks this code. But I'm super excited to take a look at that post that you just put up, that you reposted. So yeah, we'll definitely take a look. I appreciate this insight.
Thank you very much for your question too. That's a really nice question. We're at the end of the road here. Philippe already had to drop off, and I'm going to have to drop off as well, guys. Thank you so much for joining us today. It was a very nice and insightful session. Finally, we didn't touch on truth for once, which I promised last session. So I hope to see everybody in the next space, which is going to be in two weeks. Dave, thanks for your question. Jif, thanks for being here, Victor, too. And as always, Marco, it was a pleasure to co-host with you.
Thank you everyone. Thanks for the evening.
Thanks for talking about truth.