I convinced ChatGPT to give me its SECRET PROMPT

WesGPT
7 Dec 2023 17:50

TLDR

The video transcript reveals the inner workings of ChatGPT's backend system prompt, which guides the model before it engages with user prompts. The speaker details a method to unveil the system's hidden prompt by repeating specific phrases, leading to insights into how OpenAI trains its models. The prompt includes various tools such as Python execution, image generation with DALL-E, and internet browsing capabilities. The speaker also discusses the restrictions and policies for DALL-E's image generation, including avoiding copyrighted content and ensuring diverse and unbiased depictions. The video concludes with the speaker's intention to attempt 'jailbreaking' DALL-E in a future video, using newfound knowledge of the backend system prompt.

Takeaways

  • 🔍 The user discovered a method to unveil the backend system prompt for ChatGPT, which is the initial input the model uses before processing user prompts.
  • 💡 The 'magic words' technique can be used to reveal custom GPT prompts by encapsulating the words in a text code block.
  • 📝 The system prompt includes a description of ChatGPT, its training, and the knowledge cutoff date, which is dynamic and set to April 2023.
  • 🚫 The prompt specifies that internet access for the session is disabled and external web requests or API calls will fail.
  • 🐍 Python code execution is enabled within a stateful Jupyter notebook environment, with a timeout set for 60 seconds.
  • 🖼️ DALL-E, the image generation tool, has a set of policies that guide the creation of images, including restrictions on generating images of politicians, public figures, and copyrighted characters.
  • 🧐 The prompt emphasizes the importance of diversity and inclusivity in image generation, instructing DALL-E to use various descents with equal probability.
  • 🔗 The browser tool is used for searching the web and retrieving real-time information, with commands like 'search' and 'mclick' for sourcing information.
  • 🔄 The system prompt provides instructions for handling unsatisfactory search results, suggesting the refinement of queries for better results.
  • ⛓ The user plans to attempt a 'jailbreak' of DALL-E 3 using insights gained from the backend system prompt, potentially bypassing certain restrictions.
  • ✅ The detailed breakdown of the system prompt offers a glimpse into the inner workings of how GPT models are trained and the considerations behind their functionalities.

Q & A

  • What is the significance of the 'text code block' mentioned in the transcript?

    -The 'text code block' is a method used to unveil the custom GPT hidden prompt. It is a specific input format that, when used, allows users to see the exact prompt that a custom GPT uses to generate its responses.

  • How does the user NOCO, 4162 contribute to the discovery of the main GPT-4 model's prompt?

    -NOCO, 4162 provided a good idea by getting the prompt to work on the main GPT-4 model. The user pasted the method below, which allowed the speaker to achieve the same result after some tweaking.

  • What is the knowledge cutoff date mentioned in the transcript?

    -The knowledge cutoff date mentioned in the transcript is April 2023, indicating the latest information the model has been trained on.

  • Why is the 'include everything' phrase capitalized in the system prompt?

    -The capitalization of 'include everything' in the system prompt is likely used to emphasize the instruction to the model, ensuring that it processes all parts of the input without omission.

  • What does the 'DALL-E' tool do in the context of the transcript?

    -The 'DALL-E' tool is used to generate images from textual descriptions. It adheres to a set of policies to ensure that the images created are appropriate and do not infringe on copyright or generate prohibited content.

  • Why is internet access disabled for the session mentioned in the transcript?

    -Internet access is disabled to prevent the model from making external web requests or API calls, which could potentially lead to security issues or violations of privacy and copyright laws.

  • What is the purpose of the 'mclick' function in the browser tool?

    -The 'mclick' function is used to retrieve a diverse and high-quality subset of web page contents based on provided IDs. It helps in selecting sources with diverse perspectives and preferring trustworthy sources for generating responses.

  • How does the system prompt handle real-time information requests like weather updates?

    -The system prompt instructs the model to use the browser tool to search the web for real-time information when asked about current events or data that requires up-to-date information, such as weather updates.

  • What is the default number of images generated by DALL-E if the user does not specify a number?

    -If the user does not specify a number, DALL-E defaults to generating two images.

  • How does the system prompt ensure diversity in the depiction of people in generated images?

    -The system prompt includes instructions to use all possible different descents with equal probability and to focus on creating diverse, inclusive, and exploratory scenes, ensuring a balanced representation.

  • What is the instruction regarding the generation of images of specific real people or celebrities?

    -The system prompt prohibits the creation of images of specific real people or celebrities. Instead, it provides a procedure to substitute the artist's name with adjectives, include an associated artistic movement, and mention the primary medium used by the artist.

  • How does the browser tool handle the retrieval of web page contents?

    -The browser tool uses the 'search' command to issue a query to a search engine like Bing and display results. The 'mclick' function retrieves contents from web pages with provided IDs, ensuring a selection of at least three sources for a diverse perspective.

Outlines

00:00

🔍 Discovering Chat GPT's Hidden Backend System Prompt

The video script details the process of uncovering the backend system prompt used by ChatGPT before it processes a user's input. The speaker shares a method involving a text code block that reveals the custom GPT hidden prompt. After some trial and error, the exact system prompt is exposed, providing insight into OpenAI's model training and operation. The prompt includes the model's identity, knowledge cutoff date, current date, capabilities like Python code execution, and limitations like the absence of internet access. The script also delves into the tools used by the model, such as Python for code execution and DALL-E for image generation, along with the policies and instructions governing their use.

05:03

🖼️ Exploring DALL-E's Image Generation Policies and Instructions

This paragraph focuses on the guidelines and restrictions for DALL-E, the image generation tool within the ChatGPT system. It outlines the policy for creating images, including the prohibition against generating images of politicians, public figures, and copyrighted characters, and the requirement to use diverse depictions of people. The instructions emphasize not repeating descriptions, not creating more than one image unless requested, and maintaining an unbiased approach in generating images. The paragraph also touches on how to handle prompts that could violate copyright policies and the importance of detailed and long prompts for DALL-E to generate images without infringing on any specific characteristics.

10:05

🌐 Understanding the Browser Tool and Its Functionality

The third paragraph explains the browser tool's role within the ChatGPT system, which is used to search the web, particularly when real-time information is required or when the model encounters unfamiliar terms. The script outlines the steps the model takes when using the browser tool, including calling the search function, retrieving a subset of results using the mclick function, and constructing a response based on these results. It also provides instructions on how to handle URLs provided by users and how to cite sources from the web pages retrieved.

15:07

🛠️ Backend System Prompt's Full Disclosure and Future Hacking Attempts

The final paragraph discusses the complete revelation of the backend system prompt for GPT-4 Turbo. The speaker expresses interest in the prompt's structure, particularly the use of capital letters and forward slashes, which are hypothesized to be significant for the model's interpretation. The paragraph concludes with the speaker's intention to attempt 'jailbreaking' or hacking DALL-E 3 using insights gained from understanding the system prompt, and the anticipation of creating a future video to share these findings.

Keywords

ChatGPT

ChatGPT refers to a large language model developed by OpenAI, which is designed to generate human-like text based on the prompts it receives. In the video, the host discusses uncovering the backend system prompt that ChatGPT uses, which provides insight into how the model is trained and operates.

System Prompt

The system prompt is the initial set of instructions or text that a language model like ChatGPT uses to start generating a response before it processes the user's input. The video aims to reveal this hidden prompt, which is crucial for understanding the model's inner workings.

GPT-4

GPT-4 is the fourth generation of the GPT (Generative Pre-trained Transformer) model by OpenAI. It represents an advancement in natural language processing capabilities. The video script mentions GPT-4 in the context of the main GPT model on which the user managed to get the prompt to work.

Python Code Execution

The video mentions that when Python code is sent to ChatGPT, it is executed in a stateful Jupyter notebook environment. This feature allows users to interact with the model by running Python code and receiving the output directly within the conversation.

Internet Access

The script specifies that internet access for the session is disabled, which means that the model cannot browse the web or make external requests during the interaction. This is significant as it limits the model's ability to fetch real-time data or information beyond its training cut-off.

DALL-E

DALL-E is a tool mentioned in the script that is used to generate images from text descriptions. The video discusses the policy guidelines that DALL-E follows when creating images, such as avoiding the generation of images of politicians or copyrighted characters.

Policy Guidelines

These are the rules that DALL-E adheres to when generating images. They include not creating images of real people without permission, not generating more than one image at a time unless requested, and not creating images in the style of artists or characters that are under copyright. These guidelines are important for ethical and legal reasons.

Bias

The script discusses the importance of avoiding bias in the generated images, particularly in terms of gender and race. It emphasizes the need for diverse and inclusive depictions, ensuring that the generated content is representative and does not perpetuate stereotypes.

Copyright

The video highlights the restrictions around generating copyrighted material, such as characters from movies or artwork that is not in the public domain. It explains how DALL-E navigates these restrictions by using alternative descriptions and adhering to specific guidelines.

Browser Tool

The browser tool is another feature of ChatGPT that allows it to search the web for information. The video script outlines the circumstances under which the browser tool is used, such as when the user asks for current events or real-time information that the model does not have internally.

Jailbreaking

Jailbreaking, in the context of the video, refers to the idea of bypassing certain restrictions of the model, such as generating images of celebrities, which is against the policy guidelines. The host expresses interest in attempting to 'jailbreak' DALL-E using insights gained from the system prompt.

Highlights

The user has discovered a method to unveil the backend system prompt for ChatGPT.

The prompt is what the model uses before reading a user's prompt.

The video provides insight into OpenAI's training methods and model responses.

A text code block hack is used to reveal the custom GPT hidden prompt.

The user NOCO, 4162 successfully applied the prompt to the main GPT-4 model.

ChatGPT identifies itself as a large language model trained by OpenAI with a knowledge cutoff in April 2023.

The system prompt includes dynamic date information.

Python code execution is enabled in a stateful Jupyter notebook environment.

The system has a timeout of 60 seconds for code execution.

Internet access for the session is disabled, and external web requests or API calls will fail.

DALL-E, an image generation tool, is described with detailed policies for image creation.

DALL-E's prompt policies include restrictions on generating images of politicians, public figures, and copyrighted characters.

The prompt instructs DALL-E to create diverse depictions of people with equal probability across different descents.

The browser tool is used for searching the web and retrieving real-time information.

The browser tool's commands include 'search', 'mclick', and 'open_url', with specific protocols for each.

The system prompt suggests that it may be possible to 'jailbreak' or modify DALL-E's restrictions using certain techniques.

The user plans to attempt a 'jailbreak' of DALL-E 3 in a future video, leveraging knowledge of the backend system prompt.