Hey everyone, I saw this paper circulating and I'm trying to wrap my head around it. It says researchers found a way to bypass the NemoClaw guardrail classifier by adding a specific 8-character string before a malicious prompt.

This seems huge? But I'm so new to this. If the guardrail can be tricked so simply, what does that mean for us using it for security? And doesn't logging all these blocked attempts—especially the ones that *almost* worked—create a huge privacy risk? You'd have a log full of user queries.

Can someone explain the actual tradeoff here in simple terms? Like, do we turn logging off for privacy but then lose visibility into attacks? I'm lost on what the practical step should be. 😅