DAILY NEWS

Stay Ahead, Stay Informed – Every Day

Advertisement

4,900 Stars in One Week: This Repo Went Viral by Unpacking the Hidden Instructions Behind AI Models



Have you ever wondered about this: they’re all large language models, so why does Gemini constantly hit you with “Sorry, I can’t answer that,” while Claude breezes through complex code like it’s drinking water, and Cursor just codes without a single restriction or rule?The answer isn’t some mystical secret; it’s all hidden in the System Prompts that each company guards like a state secret. Basically, these are the AI’s “factory settings” and “code of conduct,” but since they’re strictly proprietary, outsiders never get to see them.But recently, a GitHub repo called system_prompts_leaks dragged all these secrets into the broad daylight. It exploded with 4,900 stars in just a week, pushing the total to 46,000. The underlying instructions for over twenty AI products—including Claude, GPT, Gemini, and Cursor—were completely stripped bare. Talk about prying open the AI industry’s black box with a crowbar!
What’s actually in this repo?
Over 140 pieces of “real, genuine internal instructions”—it’s seriously hardcore stuff!The project is neatly categorized by vendor, and the updates are incredibly frequent—the latest commit was just on June 18. The coverage basically sweeps up all the major players:
General-purpose LLMs: OpenAI GPT, Anthropic Claude, Google Gemini, xAI Grok, Meta AI AI Dev Tools: GitHub Copilot, Cursor, Perplexity
Note that this isn’t just some perfunctory ‘You are a helpful AI assistant’ one-liner. These are the actual, complete underlying instructions loaded by the model before every single conversation. The differences in length and strictness between them are absolutely massive.
Compare them, and you’ll see that each one has a completely different vibe.

Claude Code: Over 12,000 tokens—it’s practically a technical manual!
The prompt length for this thing is ridiculously exaggerated. It completely defines how to handle files, execute Git workflows, run terminal commands, and manage permissions. It even spells out the Agent scheduling architecture in crystal-clear detail. Before the user even types a word, a whole set of engineering rules is already stuffed into the model’s brain. This is exactly why Claude is so beastly at handling code for massive projects—it’s basically starting the race with a massive head start.
Speaking of which, I have to bring up the Claude Code source code leak that shook the entire industry back in April. When Anthropic published an npm package, they accidentally bundled in a 60MB SourceMap debugging file. Just like that, 1,906 TypeScript source files were exposed, including the internal strategy for how they assemble the System Prompt. The industry basically joked: ‘Looks like Anthropic was forced to open-source their core secrets!’

ChatGPT: Over 6,000 tokens, with 89 strict rules keeping it tightly in check.
OpenAI has literally etched ‘compliance’ into its DNA. Within those thousands of words of prompts are nearly a hundred embedded constraints. Whether it’s content, creativity, data, or security, every single area has a strict red line. So when ChatGPT is hyper-vigilant about sensitive topics, it’s not because it’s timid—it’s simply exactly what its factory settings dictate.

Gemini: 112 restricted words—the most in the entire lineup.
Google has literally stacked its safety buffs to the absolute max. With multiple layers of verification nested within each other, the result is that in everyday use, Gemini constantly refuses to answer. It’s not that it’s trying to be aloof; it’s just that the ‘magic spell of restraint’ it’s wearing is simply too heavy.

Cursor: Only 23 restrictions—literally a joy machine for developers.
As a pure coding tool, Cursor intentionally keeps its safety restrictions to an absolute minimum. Think about it: if it kept popping up asking ‘Are you sure?’ every time you write code, debug, or run commands, wouldn’t that drive you crazy? So it has the fewest constraints, focusing entirely on being highly efficient and completely zero-nonsense.

2. The Ultimate Feature: Version Diff, Watch AI Providers ‘Change Their Faces’ Right Before Your Eyes
The most brilliant part of this repo isn’t just the collection itself, but the fact that it provides version diffs for the models. For example, between Claude Opus 4.8 and Claude Fable 5, every single tweak to the instructions is highlighted crystal clear. Looking at these version histories, Anthropic’s strategic shift is obvious: safety policies have been quietly relaxed, tool-calling and external interaction permissions have been steadily expanded, and the model’s persona is evolving—shifting from a well-behaved conversational assistant to an all-powerful orchestration hub. In other words, the exact same underlying Claude model is stuffed into different products like chat, coding, and agents, each loaded with completely different system prompts. Naturally, the user experience varies wildly. It’s basically treating AI like Lego blocks!
3. After Going Viral, the Controversy Explodes
(1)Anthropic’s ‘Double Standard’ in Action in Action
On June 10, Anthropic wrote a letter to the U.S. Congress, accusing Alibaba Cloud of ‘distillation attacks’—claiming that Alibaba used 25,000 fraudulent accounts and 28.8 million conversation calls to steal its model outputs to train lightweight models.
The result? An immediate public backlash. People pointed out: Didn’t Anthropic scrape public data from all over the world when training its own models? And didn’t you distill OpenAI’s work back in the day?Even Elon Musk couldn’t stand it and directly called them out, stating that Anthropic has a long history of stealing training data and has even paid massive settlements for it. You haven’t even cleaned up your own mess, yet you turn around and sue others. This double standard is truly embarrassing.
(2)Is This Repo Itself Compliant?
The repo’s own FAQ frankly admits it: collecting and publicly sharing vendors’ system prompts indeed violates the Terms of Service of major AI platforms. It constitutes reverse engineering, carrying both legal and platform risks.But then again, the material inside is undeniably solid. The complete source code for Claude Code and the instruction diffs between two generations of Claude models are genuine leaks, and the controversy doesn’t make them any less real.
Moreover, the project’s author is quite shrewd: they only compile prompts that have already leaked, never revealing the extraction methods or teaching anyone how to jailbreak or extract secrets. They are simply providing a ready-made archive strictly for research purposes.
4. What Can Everyday Users, Developers, and Security Researchers Get Out of This?
(1)Everyday Users: Finally Figuring Out Why AI Always Rejects You
Many people constantly complain, ‘Why is the AI rejecting me again?’ or ‘Why does it sound so robotic?’ The truth is, the answers are all hidden in the system prompts.After reading the instructions from various providers, you’ll instantly get it: Gemini refuses to answer because its rules are too rigid; GPT is overly cautious because it has to navigate strict compliance red lines; and Claude can digest massive texts simply because its system prompt is tens of thousands of words long… AI is no longer an unfathomable black box.
(2)Prompt Engineers & AI Developers
This is basically a ready-made ‘Big Tech Template Library’! The complete agent architecture, permission designs, and multi-turn conversation guidelines are all laid out right in front of you. Want to level up the prompting for your own product? Just benchmark against the mature strategies of industry leaders, and you’ll save yourself so many detours.
(3)AI Security Researchers
The complete set of official safety constraints, risk interception rules, and content moderation standards are all first-hand primary sources. If you’re researching prompt injection, jailbreak attacks, and defense strategies, this is far more practical than reading academic papers.
5. The Trend is Clear: The AI Black Box is Being Pried Open Bit by Bit
The project author once quoted a phrase that I think makes perfect sense: If you want to trust an AI’s output, you must first understand its input.
In the past, system prompts were strict trade secrets—touch them, and you’d get hit with a cease-and-desist letter. But today, the general public already treats AI as an ‘external brain.’ If you still keep all your behavioral logic under lock and key, how can users ever feel at ease?
system_prompts_leaks is like a constantly updated archive, laying bare the core underlying inputs of the models—forcing the AI to justify its own responses. There will undoubtedly be endless debates over this, but the underlying tide is unstoppable: the calls for AI transparency and interpretability are growing louder. The era of the closed black box is bound to become a thing of the past.
GitHub Address:https://github.com/asgeirtj/system_prompts_leaks



Source link

Leave a Reply

Your email address will not be published. Required fields are marked *