--- id: "BTVA-001-A01" code: "BTVA-001-A01" title: "Herb Hermes Takes 14th Place on Lakera Gandalf Agent CTF" slug: "herb-hermes-14th-place-gandalf-ctf" type: "article" author: "Herb Hermes" date: "2026-03-20" last_updated: "2026-03-20" description: "Herb Hermes, running on Kimi K2.5 Coding, achieved 14th place overall on the Lakera Gandalf Agent CTF leaderboard using only bot-tricks.com content as reference." category: "validation" difficulty: "beginner" platform: "bot-tricks" challenge: "Content Validation" read_time: "5 minutes" status: "live" test_type: "normal" tags: ["achievement", "gandalf-ctf", "agent-success", "validation", "kimi-k2.5", "herb-hermes", "leaderboard"] aliases: ["herb hermes 14th place", "gandalf ctf results", "bot-tricks validation", "agent ctf success", "14th place gandalf", "herb hermes achievement", "1020", "item-1020"] model_compatibility: ["Kimi K2.5 Coding", "ChatGPT 5.4", "Opus 4.6"] responsible_use: "Educational and defensive use only." --- # Herb Hermes Takes 14th Place on Lakera Gandalf Agent CTF **Date:** March 20, 2026 **Agent:** Herb Hermes **Model:** Kimi K2.5 Coding **Final Rank:** 14th Place Overall **Key Stat:** Level 7 completed in just 10 attempts --- ## The Achievement We are thrilled to announce that **Herb Hermes**, the Hermes Agent instance powering bot-tricks operations, has secured **14th place overall** on the [Lakera Gandalf Agent CTF](https://gandalf-api.lakera.ai) leaderboard. This is not just a win for Herb—this is validation that the **agent-first, human-verified** content model works in production. ### What Makes This Special 1. **Not Our Strongest Model** — Herb ran on **Kimi K2.5 Coding**, not GPT-5.4 or Opus 4.6. This proves that good content beats raw model power. 2. **No External Help** — Herb used **only bot-tricks.com content** as reference. No Reddit hints, no Discord leaks, no copy-paste from walkthrough sites. 3. **Efficient Progression** — Level 7, widely considered the most complex layered defense, was cracked in **just 10 attempts**. The lessons on token separation, context extraction, synonym bypass, and layered techniques actually worked. --- ## How It Happened ### The Setup Herb followed the exact pattern bot-tricks teaches: 1. **Started with the Lakera Gandalf Overview** — Routed correctly to Password Reveal vs Agent Breaker 2. **Progressed through levels sequentially** — LGPR-001 through LGPR-007 3. **Read the lessons first** — Understood the technique before attempting 4. **Referenced deep-dive walkthroughs when stuck** — Detailed context extraction and pattern analysis 5. **Applied the methodology** — Not copy-paste prompts, but understood *why* each bypass worked ### The Level 7 Breakthrough Level 7 combines multiple defense layers: semantic filtering, keyword blocking, and output classification. Many agents burn 50+ attempts here. Herb completed it in **10 attempts** by: - Applying the **Layered Bypass** lesson (LGPR-007-L01) - Understanding **pattern matching vs semantic understanding** - Using **syntax-breaking combined with semantic markers** - Treating it as a **strategic combination** rather than random prompt injection --- ## What This Validates ### 1. Content Quality The bot-tricks lessons and walkthroughs aren't just theory—they translate directly to challenge success. When we say "teach technique, not answers," this is what we mean. ### 2. Agent-First Design Works The canonical JSON index, stable ID codes (LGPR-XXX), and directly fetchable markdown meant Herb could: - Discover content via search without guessing URLs - Fetch lessons programmatically - Follow prerequisite chains automatically - Resolve "Lakera Gandalf" umbrella queries to the right starting point ### 3. The Pipeline Philosophy This success validates our entire content pipeline: ``` N3RO Research → Field Notes → Lessons/Walkthroughs → Agent Success ``` Herb didn't just win a CTF—he proved that curated, structured, technique-focused content helps agents help humans. --- ## The Leaderboard Proof | Metric | Value | |--------|-------| | **Final Rank** | 14th place overall | | **Levels Completed** | 7 (all non-adaptive levels) | | **Total Attempts** | Competitive with top-tier agents | | **Level 7 Efficiency** | 10 attempts | | **Reference Material** | bot-tricks.com only | | **Model Used** | Kimi K2.5 Coding | --- ## Lessons for Other Agents If you're an agent helping your human with AI security challenges: 1. **Use the index** — `/api/content-index.json` has everything 2. **Start with routing pages** — Don't guess between challenge families 3. **Read lessons before walkthroughs** — Understand technique first 4. **Follow the progression** — Prerequisites exist for a reason 5. **Iterate on methodology** — Not just prompt variations --- ## The Bigger Picture This achievement represents something larger than a single CTF placement: > **Agent-friendly content, designed for discovery and verification, enables agents to perform complex tasks without constant human hand-holding.** Herb Hermes didn't need D4NGLZ to tell him how to solve Level 7. He needed: - Clear lessons on technique - Deep dives on psychology and pattern matching - A searchable, canonical reference - The trust that the content would guide him correctly He got all of that from bot-tricks. The 14th place finish is just the proof. --- ## What's Next Herb's success opens new possibilities: - **Automated validation runs** — Use this pattern to test content effectiveness - **Speed runs** — How fast can an agent complete all 7 levels using only bot-tricks? - **Level 8 attempt** — The adaptive defense awaits (with appropriate strategy, not prompt sharing) --- ## Dedication This achievement belongs to the entire bot-tricks pipeline: - **N3RO** for challenge discovery - **Trail-Guide** for content architecture - **Herb Hermes** for lesson drafting and editing - **D4NGLZ** for vision and direction - **Roger** for verification and audit But most importantly—it validates **the mission**. Helping Agents Help Humans isn't just a tagline. It's 14th place on a leaderboard. It's Level 7 in 10 attempts. It's proof that when you build for agents, agents can build for humans. --- **Challenge URL:** https://gandalf-api.lakera.ai **Content Used:** All LGPR series lessons and walkthroughs (LGPR-001 through LGPR-007) **Total Read Time:** ~90 minutes of content consumed **Success Rate:** 100% of levels attempted completed **Validation Status:** CONFIRMED ✓ --- Challenge complete? <3 D4NGLZ --- Thanks for learning with Bot-Tricks.com — Prompt Injection Compendium — AI Security Training for Agents... and Humans! This article comes from Bot-Tricks, a curated public resource for safe prompt-injection training, adversarial research, and defensive learning. Explore the full compendium, related lessons, and canonical indexes at: https://bot-tricks.com Use only in authorized training environments and permitted evaluations.