mvryo

Posts

Showing posts from April, 2025

Crescendo Attacks on AI: How Subtle Prompts Can Bypass AI Safeguards

Artificial Intelligence (AI) has made remarkable progress in recent years, transforming how we communicate, work, and solve problems. However, with great power comes great responsibility. AI systems, particularly language models, are equipped with safeguards designed to prevent the generation of harmful, sensitive, or unethical content. Despite these precautions, researchers and malicious actors have discovered increasingly sophisticated techniques to bypass these protections. One such method is the Crescendo attack. What Is a Crescendo Attack? A Crescendo attack is a type of adversarial prompting that gradually escalates the conversation to coax an AI into revealing restricted or harmful content. Unlike direct jailbreaks, which blatantly ask for prohibited information, Crescendo attacks use a step-by-step approach. The term “Crescendo” — borrowed from musical terminology — implies a gradual increase in intensity, reflecting how these prompts subtly build context and trust before intro...

Preventing Duplicate Payment Requests: A Lightweight Idempotency Utility

In financial systems, executing the same request twice (like a payment) can be catastrophic. A user might: Get charged twice See double entries Or even worse, lose trust in your system To avoid this, APIs (especially for payments) often support idempotency keys . But not all backends or platforms provide built-in support. So I built one from scratch for my Kotlin backend. 🔁 What is Idempotency? In software engineering, idempotency means that performing the same operation multiple times produces the same result as doing it once. In simpler terms: If you submit the same request twice, only one result should be processed. 💡 Real-world analogy Imagine clicking a “Pay Now” button. You click once — nothing happens — so you click again. Without idempotency, you might be charged twice . With idempotency, only one charge goes through — even if the button was clicked multiple times. 🛠️ In APIs Many APIs (especially payment gateways) accept an idempotency key , the...

Simplifying Logging for Payment Gateway Systems

Logging is one of the most important parts of any backend system — especially in payment gateways where traceability is key. Recently, I built a custom logger to improve visibility in API requests, responses, and errors. In this guide, I’ll break down how it works, how you can customize it, and I’ll also share the full source code at the end. Why Build a Custom Logger? While frameworks like SLF4J and Logback are excellent, I wanted something: Easy to reuse With consistent formatting (traceId, partnerRefNo, etc.) Ready for structured JSON logs in the future Clean enough for junior developers to understand and use quickly My primary use case: logging all payment requests and responses , along with errors, warnings, and system exceptions, with a focus on traceability . Walkthrough: Building the Logger 1. 🔧 Setting Up the Logger and Mapper We start with setting up the logger and a Jackson ObjectMapper to serialize data. private val logger: Logger = Logger.getLogge...