A newly surfaced GitHub repository containing what appears to be leaked system prompts from major AI providers has ignited fresh debate about AI transparency, security practices, and the secrecy surrounding model behavior guidelines.
The Leak
The repository, titled “system_prompts_leaks” and maintained by user asgeirtj, aggregates internal system instructions from multiple leading AI models including Anthropic’s Claude Fable 5 and Opus 4.8, OpenAI’s ChatGPT 5.5 Thinking and GPT 5.5 Instant, Google’s Gemini 3.5 Flash and 3.1 Pro, as well as developer tools like Claude Code, Cursor, GitHub Copilot, and Perplexity.
The leaked prompts reveal detailed behavioral guidelines, operational constraints, and safety protocols that developers embed to shape model responses. These instructions typically govern how models handle controversial topics, refuse certain requests, and balance helpfulness with harm prevention.
What the Prompts Reveal
Analysis of the leaked prompts shows consistent patterns across providers. Models contain explicit instructions about refusal boundaries, guidelines for handling requests involving illegal activities, and detailed prompts for maintaining specific personality traits. Some prompts include conditional logic that triggers different response strategies based on perceived user intent.
The leaks also expose techniques used to prevent prompt injection attacks and instructions for handling attempts to extract the prompts themselves—a meta-level security measure now publicly visible.
Industry Response
AI providers have historically kept system prompts confidential, arguing they represent proprietary competitive advantages and that revealing them could enable adversarial exploitation. The leak complicates this position, with some researchers arguing that transparency around AI behavioral guidelines is essential for accountability.
“This fundamentally changes the conversation about AI governance,” said one AI safety researcher who requested anonymity. “We can now empirically study what these models are actually instructed to do versus what they’re capable of.”
The repository is actively maintained and reportedly updated as new model versions release. As of publication, affected providers have not issued public statements regarding the authenticity or implications of the leaks.
Broader Implications
The incident raises questions about the durability of security through obscurity in AI development. If system prompts can be extracted and aggregated, the AI industry may need to shift toward architectural solutions rather than relying on instruction-level secrecy.
For policymakers, the leak provides concrete evidence of how AI models are guided—a previously opaque process now available for regulatory scrutiny. The EU AI Act’s transparency requirements may find new relevance as researchers examine the actual guidelines embedded in deployed systems.