(simonwillison.net)

724 points simonw | 3 comments | 11 Jul 25 00:22 UTC | HN request time: 0.761s | source

Show context

cluckindan ◴[11 Jul 25 06:20 UTC] No.44528913[source]▶

Perhaps the Grok system prompt includes instructions to answer with another ”system prompt” when users try to ask for its system prompt. It would explain why it gives it away so easily.

replies(4): >>44529131 #>>44529355 #>>44529896 #>>44535092 #

1. neuroticnews25 ◴[11 Jul 25 07:40 UTC] No.44529355[source]▶

>>44528913 #

That would make Grok the only model capable of protecting its real system prompt from leaking?

replies(1): >>44529868 #

2. rsynnott ◴[11 Jul 25 08:58 UTC] No.44529868[source]▶

>>44529355 (TP) #

Well, for this version people have only been trying for a day or so.

replies(1): >>44533864 #

3. cluckindan ◴[11 Jul 25 16:11 UTC] No.44533864[source]▶

>>44529868 #

Providing a fake system prompt would make such jailbreaking very unlikely to succeed unless the jailbreak prompt explicitly accounts for that particular instruction.

↑

Grok: Searching X for "From:Elonmusk (Israel or Palestine or Hamas or Gaza)"