GPT-5 leaked system prompt?

Original Article ↗ Hacker News Discussion ↗

Formatting, emphasis, and prompt structure

  • People notice the prompt’s use of markdown bold instead of ALL CAPS; some speculate caps might be treated as “yelling” or be tokenized differently, possibly changing model behavior.
  • The length and redundancy of instructions (e.g., “never write JSON” for to=bio) are seen as evidence that OpenAI also struggles with prompt adherence and has to layer on “hacky patches.”

Repetition, negation, and control over behavior

  • Several commenters report that LLMs routinely ignore “don’t do X” instructions (e.g., no dashes, no trailing whitespace, no emojis), especially over longer sessions.
  • Some have more success phrasing constraints positively, others argue “affirmative prompting” is overrated and negation is fundamentally hard for autocomplete-style models.
  • A recurring observation: instructions like “don’t output JSON” or “don’t think of an elephant” may actually increase the salience of the forbidden thing.

Tools, code, and UX biases

  • The detailed sections on Python and React are read as configuration for internal tools: Python for analysis/plots, React + Tailwind + shadcn for live previews in the UI.
  • This is seen as both practical (optimize common use cases) and slightly dystopian: LLM defaults could further entrench specific stacks (React/Tailwind) in the ecosystem.

Authenticity and prompt-leak skepticism

  • Many doubt the leak: missing safety sections (e.g., porn, CSAM), obvious mistakes (Japanese labeled as Korean), and generic tone.
  • Others argue repeatable extraction patterns, behavioral matches (e.g., song-lyric refusal), and tool-specific snippets like guardian_tool.get_policy(election_voting) suggest at least partial authenticity.
  • There’s discussion of deliberate “fake” or decoy system prompts and the difficulty of ever verifying truth when the only witness is the model itself.

Safety, copyright, memory, and censorship

  • Song lyrics get special treatment; some infer legal pressure and note that the model even refuses public-domain anthems.
  • The bio/memory tool raises mild privacy concerns, but reported stored facts tend to be banal rather than deeply personal.
  • Several users feel GPT‑5 is more censored, blander, and less willing to generate stylized violent or edgy fiction, which some see as necessary safety and others as artistic degradation.

Meta: system prompts vs training

  • Commenters are struck that “programming” the model is done via huge natural-language prompts instead of deeper training or prompt-tuned embeddings.
  • There’s debate over whether long, static prompts are a crude stopgap or a pragmatic, easily updatable control layer atop expensive base models.