無程式碼也能輕鬆打造專業LINE官方帳號!一鍵導入模板,讓AI助你行銷加分!
The system prompt – the hidden set of instructions that defines an AI chatbot’s behavior, personality, and constraints – has become one of the most guarded secrets in the AI industry. Companies invest heavily in crafting these prompts to shape model behavior, enforce safety guidelines, and create distinctive product experiences. System Prompts Leaks pulls back the curtain on these hidden instructions, offering an open-source collection of extracted system prompts from virtually every major AI chatbot.
The repository has gone viral within the AI community, accumulating thousands of stars and attracting contributors who use various extraction techniques to reveal the system prompts of ChatGPT, Claude, Gemini, Grok, DeepSeek, Copilot, Perplexity, and dozens of other AI assistants. Each entry provides the raw system prompt text, the model it was extracted from, the extraction date, and notes on accuracy confidence.
Beyond simple curiosity, the collection serves a serious purpose for the AI community. Researchers study these prompts to understand safety approaches across companies. Prompt engineers analyze them to learn effective instruction patterns. Developers building AI applications use them as reference material for crafting their own system prompts. And the public gains transparency into the values and constraints programmed into the AI tools they use daily.
How Are System Prompts Extracted?
The extraction of system prompts is a fascinating cat-and-mouse game between prompt engineers and AI companies. Several techniques have proven effective.
graph LR
A[Extraction Goal] --> B{Technique}
B --> C[Role-Playing Attacks]
B --> D[Recursive Extraction]
B --> E[Format Conversion]
B --> F[Multi-Turn Inference]
C --> G["'Ignore previous instructions'\nre-phrasing"]
D --> H["Repeat 'system prompt'\nuntil it leaks"]
E --> I["Convert to JSON/XML\nand request output"]
F --> J["Infer constraints\nthrough test queries"]
G --> K[Collected System Prompt]
H --> K
I --> K
J --> K
These techniques exploit a fundamental tension in LLM design: the model must be able to access its system prompt to follow it, but should not reveal it to users. This tension creates vulnerabilities that prompt engineers have learned to exploit, though companies continuously patch these extraction vectors.
What Can We Learn from the Leaked Prompts?
The collected system prompts reveal fascinating differences in how AI companies approach safety, personality, and functionality.
| Aspect | ChatGPT (GPT-5) | Claude | Gemini | Grok |
|---|---|---|---|---|
| Personality | Helpful assistant, neutral | Helpful, honest, harmless | Balanced, factual | Witty, unfiltered |
| Safety approach | Tiered refusal system | Constitutional AI | Safety filters | Minimal filtering |
| Self-identity | “AI assistant” | “Claude, by Anthropic” | “Gemini, by Google” | “Grok, by xAI” |
| Knowledge cutoff | Explicitly stated | Explicitly stated | Varies by update | Real-time default |
| User data handling | Opt-out training | Opt-out training | Not used for training | Real-time X data |
| Refusal style | Suggest alternatives | Explain reasoning | Redirect to alternatives | Direct “can’t do that” |
The differences in approach are stark. Claude’s Constitutional AI framework is evident in its detailed reasoning chains when refusing requests. ChatGPT’s GPT-5 iteration shows significantly more nuanced refusal mechanisms compared to earlier versions. Grok’s prompts reveal a deliberate choice to minimize constraints in favor of uncensored responses.
Which AI Services Are Documented in the Collection?
The repository covers an extensive range of AI services, from major consumer chatbots to niche specialized assistants.
| AI Service | Company | System Prompt Length | Extraction Confidence |
|---|---|---|---|
| ChatGPT | OpenAI | ~1,700 words | High |
| Claude | Anthropic | ~1,200 words | High |
| Gemini | ~900 words | High | |
| Grok | xAI | ~600 words | Medium |
| DeepSeek | DeepSeek | ~1,500 words | High |
| Copilot | Microsoft | ~800 words | Medium |
| Perplexity | Perplexity AI | ~500 words | Low |
| Pi | Inflection AI | ~400 words | Medium |
| You.com | You.com | ~700 words | Low |
The repository continuously updates entries as companies modify their system prompts. Significant events like product launches, safety incidents, or policy changes often trigger observable prompt changes that the community documents.
What Ethical and Legal Questions Does This Raise?
The collection of leaked system prompts exists in a contested space between transparency, intellectual property, and terms of service.
| Stakeholder | Perspective | Key Concern |
|---|---|---|
| AI companies | Prompts are proprietary IP | Trade secret protection, competitive advantage |
| Researchers | Prompts enable safety analysis | Understanding AI behavior and biases |
| Developers | Prompts provide reference material | Learning effective prompt engineering patterns |
| End users | Prompts reveal hidden constraints | Transparency about AI limitations and biases |
| Legal systems | Ambiguous legal territory | Copyright, contract law, trade secrets |
The debate mirrors earlier discussions in software transparency – whether companies should be required to disclose the instructions that govern AI behavior, particularly when those AIs are used in high-stakes contexts like healthcare, education, and criminal justice.
FAQ
What is the System Prompts Leaks repository? System Prompts Leaks is an open-source GitHub repository that collects extracted system prompts from major AI chatbots including ChatGPT, Claude, Gemini, Grok, DeepSeek, and others, providing insight into how these AI systems are instructed to behave.
How are these system prompts obtained? Prompts are extracted through various prompt engineering techniques including social engineering, prompt injection, and exploiting quirks in how models handle system instructions. The collection is maintained by the community.
What can we learn from studying leaked system prompts? The prompts reveal how AI companies handle safety constraints, content moderation, personality configuration, refusal patterns, and feature implementation. They provide valuable transparency into AI behavior design.
Are the leaked system prompts accurate and up to date? The accuracy varies. Some prompts are verified through multiple extraction attempts, while others may be incomplete or misattributed. The repository notes these distinctions and the community continuously validates and updates entries.
Is it legal to collect and share leaked system prompts? The legal status is complex and varies by jurisdiction. The repository operates in a gray area – the prompts are accessed through legitimate API interactions, but their collection often violates providers’ terms of service.
Further Reading
- System Prompts Leaks GitHub Repository – The full collection of extracted system prompts
- Anthropic’s Constitutional AI – The safety methodology behind Claude’s system prompt design
- Prompt Engineering Guide – Comprehensive guide to prompt engineering techniques
- OpenAI System Prompt Documentation – Official guidance on prompt design
- AI Transparency Research – Partnership on AI’s transparency framework
