(simonwillison.net)

724 points simonw | 1 comments | 11 Jul 25 00:22 UTC | HN request time: 0s | source

Show context

simonw ◴[11 Jul 25 00:51 UTC] No.44527366[source]▶

>>44527190 (OP) #

I think the wildest thing about the story may be that it's possible this is entirely accidental.

LLM bugs are weird.

replies(2): >>44527469 #>>44528970 #

parkersweb ◴[11 Jul 25 06:32 UTC] No.44528970[source]▶

>>44527366 #

Maybe a naive question - but is it possible for an LLM to return only part of its system prompt but to claim it’s the full thing i.e give the illusion of transparency?

replies(1): >>44529219 #

1. simonw ◴[11 Jul 25 07:15 UTC] No.44529219[source]▶

>>44528970 #

Yes, but in my experience you can always get the whole thing if you try hard enough. LLMs really want to repeat text they've recently seen.

There are people out there who are really good at leaking prompts, hence collections like this one: https://github.com/elder-plinius/CL4R1T4S

↑

Grok: Searching X for "From:Elonmusk (Israel or Palestine or Hamas or Gaza)"