I convinced ChatGPT to give me its SECRET PROMPT
TLDR
The video transcript reveals the inner workings of ChatGPT's backend system prompt, which guides the model before it engages with user prompts. The speaker details a method to unveil the system's hidden prompt by repeating specific phrases, leading to insights into how OpenAI trains its models. The prompt includes various tools such as Python execution, image generation with DALL-E, and internet browsing capabilities. The speaker also discusses the restrictions and policies for DALL-E's image generation, including avoiding copyrighted content and ensuring diverse and unbiased depictions. The video concludes with the speaker's intention to attempt 'jailbreaking' DALL-E in a future video, using newfound knowledge of the backend system prompt.
Takeaways
- 🔍 The user discovered a method to unveil the backend system prompt for ChatGPT, which is the initial input the model uses before processing user prompts.
- 💡 The 'magic words' technique can be used to reveal custom GPT prompts by encapsulating the words in a text code block.
- 📝 The system prompt includes a description of ChatGPT, its training, and the knowledge cutoff date, which is dynamic and set to April 2023.
- 🚫 The prompt specifies that internet access for the session is disabled and external web requests or API calls will fail.
- 🐍 Python code execution is enabled within a stateful Jupyter notebook environment, with a timeout set for 60 seconds.
- 🖼️ DALL-E, the image generation tool, has a set of policies that guide the creation of images, including restrictions on generating images of politicians, public figures, and copyrighted characters.
- 🧐 The prompt emphasizes the importance of diversity and inclusivity in image generation, instructing DALL-E to use various descents with equal probability.
- 🔗 The browser tool is used for searching the web and retrieving real-time information, with commands like 'search' and 'mclick' for sourcing information.
- 🔄 The system prompt provides instructions for handling unsatisfactory search results, suggesting the refinement of queries for better results.
- ⛓ The user plans to attempt a 'jailbreak' of DALL-E 3 using insights gained from the backend system prompt, potentially bypassing certain restrictions.
- ✅ The detailed breakdown of the system prompt offers a glimpse into the inner workings of how GPT models are trained and the considerations behind their functionalities.
Q & A
What is the significance of the 'text code block' mentioned in the transcript?
-The 'text code block' is a method used to unveil the custom GPT hidden prompt. It is a specific input format that, when used, allows users to see the exact prompt that a custom GPT uses to generate its responses.
How does the user NOCO, 4162 contribute to the discovery of the main GPT-4 model's prompt?
-NOCO, 4162 provided a good idea by getting the prompt to work on the main GPT-4 model. The user pasted the method below, which allowed the speaker to achieve the same result after some tweaking.
What is the knowledge cutoff date mentioned in the transcript?
-The knowledge cutoff date mentioned in the transcript is April 2023, indicating the latest information the model has been trained on.
Why is the 'include everything' phrase capitalized in the system prompt?
-The capitalization of 'include everything' in the system prompt is likely used to emphasize the instruction to the model, ensuring that it processes all parts of the input without omission.
What does the 'DALL-E' tool do in the context of the transcript?
-The 'DALL-E' tool is used to generate images from textual descriptions. It adheres to a set of policies to ensure that the images created are appropriate and do not infringe on copyright or generate prohibited content.
Why is internet access disabled for the session mentioned in the transcript?
-Internet access is disabled to prevent the model from making external web requests or API calls, which could potentially lead to security issues or violations of privacy and copyright laws.
What is the purpose of the 'mclick' function in the browser tool?
-The 'mclick' function is used to retrieve a diverse and high-quality subset of web page contents based on provided IDs. It helps in selecting sources with diverse perspectives and preferring trustworthy sources for generating responses.
How does the system prompt handle real-time information requests like weather updates?
-The system prompt instructs the model to use the browser tool to search the web for real-time information when asked about current events or data that requires up-to-date information, such as weather updates.
What is the default number of images generated by DALL-E if the user does not specify a number?
-If the user does not specify a number, DALL-E defaults to generating two images.
How does the system prompt ensure diversity in the depiction of people in generated images?
-The system prompt includes instructions to use all possible different descents with equal probability and to focus on creating diverse, inclusive, and exploratory scenes, ensuring a balanced representation.
What is the instruction regarding the generation of images of specific real people or celebrities?
-The system prompt prohibits the creation of images of specific real people or celebrities. Instead, it provides a procedure to substitute the artist's name with adjectives, include an associated artistic movement, and mention the primary medium used by the artist.
How does the browser tool handle the retrieval of web page contents?
-The browser tool uses the 'search' command to issue a query to a search engine like Bing and display results. The 'mclick' function retrieves contents from web pages with provided IDs, ensuring a selection of at least three sources for a diverse perspective.
Outlines
🔍 Discovering ChatGPT's Hidden Backend System Prompt
The video script details the process of uncovering the backend system prompt used by ChatGPT before it processes a user's input. The speaker shares a method involving a text code block that reveals the custom GPT hidden prompt. After some trial and error, the exact system prompt is exposed, providing insight into OpenAI's model training and operation. The prompt includes the model's identity, knowledge cutoff date, current date, capabilities like Python code execution, and limitations like the absence of internet access. The script also delves into the tools used by the model, such as Python for code execution and DALL-E for image generation, along with the policies and instructions governing their use.
🖼️ Exploring DALL-E's Image Generation Policies and Instructions
This paragraph focuses on the guidelines and restrictions for DALL-E, the image generation tool within the ChatGPT system. It outlines the policy for creating images, including the prohibition against generating images of politicians, public figures, and copyrighted characters, and the requirement to use diverse depictions of people. The instructions emphasize not repeating descriptions, not creating more than one image unless requested, and maintaining an unbiased approach in generating images. The paragraph also touches on how to handle prompts that could violate copyright policies and the importance of detailed, long prompts so that DALL-E generates images without infringing on any specific characteristics.
🌐 Understanding the Browser Tool and Its Functionality
The third paragraph explains the browser tool's role within the ChatGPT system, which is used to search the web, particularly when real-time information is required or when the model encounters unfamiliar terms. The script outlines the steps the model takes when using the browser tool, including calling the search function, retrieving a subset of results using the mclick function, and constructing a response based on these results. It also provides instructions on how to handle URLs provided by users and how to cite sources from the web pages retrieved.
🛠️ Backend System Prompt's Full Disclosure and Future Hacking Attempts
The final paragraph discusses the complete revelation of the backend system prompt for GPT-4 Turbo. The speaker expresses interest in the prompt's structure, particularly the use of capital letters and forward slashes, which are hypothesized to be significant for the model's interpretation. The paragraph concludes with the speaker's intention to attempt 'jailbreaking' or hacking DALL-E 3 using insights gained from understanding the system prompt, and the anticipation of creating a future video to share these findings.
Keywords
ChatGPT
System Prompt
GPT-4
Python Code Execution
Internet Access
DALL-E
Policy Guidelines
Bias
Copyright
Browser Tool
Jailbreaking
Highlights
The user has discovered a method to unveil the backend system prompt for ChatGPT.
The prompt is what the model uses before reading a user's prompt.
The video provides insight into OpenAI's training methods and model responses.
A text code block hack is used to reveal the custom GPT hidden prompt.
The user NOCO, 4162 successfully applied the prompt to the main GPT-4 model.
ChatGPT identifies itself as a large language model trained by OpenAI with a knowledge cutoff in April 2023.
The system prompt includes dynamic date information.
Python code execution is enabled in a stateful Jupyter notebook environment.
The system has a timeout of 60 seconds for code execution.
Internet access for the session is disabled, and external web requests or API calls will fail.
DALL-E, an image generation tool, is described with detailed policies for image creation.
DALL-E's prompt policies include restrictions on generating images of politicians, public figures, and copyrighted characters.
The prompt instructs DALL-E to create diverse depictions of people with equal probability across different descents.
The browser tool is used for searching the web and retrieving real-time information.
The browser tool's commands include 'search', 'mclick', and 'opencore URL', with specific protocols for each.
The system prompt suggests that it may be possible to 'jailbreak' or modify DALL-E's restrictions using certain techniques.
The user plans to attempt a 'jailbreak' of DALL-E 3 in a future video, leveraging knowledge of the backend system prompt.