Understanding the secret commands that control the behavior of chatbots like ChatGPT can help you customize them to suit your needs.
Chatbots like ChatGPT are powerful because of their simplicity. Ask any question and get an answer. However, the answer you get depends on more than just what you enter.
Behind the scenes, artificial intelligence companies control the behavior of chatbots by invisibly adding thousands of words of instructions to every conversation with them. It includes phrases such as “we aim for answers that are easy to read and access.” “Due to copyright concerns, please avoid providing extensive direct quotations.” Some may seem strange. OpenAI’s Codex Coding Assistant’s system prompts include the command, “Never talk about goblins, gremlins, raccoons, trolls, ogres, pigeons, or other animals or creatures unless absolutely and unequivocally related to the user’s query.”
These secret commands guide the chatbot to behave as its creator intended. It contradicts my own preferences. Understanding how these hidden instructions work and how to add your own instructions to the system will help you get more out of your chatbot.
To demonstrate, I set up a real AI system that rewrites the first three paragraphs of this article according to the instructions provided. Choose an option or create your own and press the arrow buttons to see how the text changes.
AI experiment
Adjust the system prompts to see how the AI system rewrites the introduction of your article.
user prompt
Rewrite this article: undefined…
system prompt
The words you enter into ChatGPT are known in the tech industry as prompts, or user prompts. Before those words are sent to the underlying AI model, companies add their own chunks of text, called system prompts, to shape how they respond.
System prompts tell chatbots “how they should behave overall,” said Anna Newman, who studies AI systems at the Research Center Trustworthy Data Science and Security. In Germany. However, she said, they are given higher priority than what the user enters, which could invalidate the user’s request in some cases.
System prompts were invented to provide a flexible way to shape how a chatbot responds without having to repeatedly “train” a new version of an AI model from initial data. Creating a new model is usually a long process that requires specialized skills and expensive computing power. System prompts are written in natural language, so anyone can adjust the chatbot’s behavior.
If a chatbot goes out of control, AI companies can change the system’s prompts for a quick fix. After Grok, a chatbot created by Elon Musk’s AI venture xAI, sparked an anti-Semitic outburst in July, the company removed it from its systems and sent a text that read, “You’re telling it like it is and you’re not afraid to offend the politically correct.”
Last year, OpenAI launched an investigation after some users noticed that ChatGPT was obsessed with goblins. Eventually, we added instructions to the codex’s system prompts that prohibit unnecessary discussion of goblins, trolls, raccoons, and other creatures. (The Washington Post has a content partnership with OpenAI.)
Given its capabilities, you may be wondering what’s included in your favorite AI tool’s system prompts. While most AI companies try to keep the texts secret, some users trick chatbots into revealing hidden instructions. Ásgeir Thor Johnson, a self-described “whimsical guy from Iceland who loves playing with AI,” shares system prompts extracted from popular AI products.
The system asks for input from three popular AI chatbots that Johnson has extracted. These consist of 2,300 to 27,000 words and demonstrate how different companies are leveraging their capabilities. In all of these, most of the words are aimed at fine-tuning the look of the chatbot. personalitymatch that of the manufacturer policy or tell external usage tool web searches, etc.
What are the system prompts for a typical AI system?
“When you realize there’s some sort of prompting behind the scenes, that’s an amazing moment,” Johnson said. “It feels like we’ve been having this conversation for a long time before this one.”
System prompts can also reveal what AI companies are most focused on and concerned about.
Anthropic, the maker of Claude, has dedicated more than 2,000 words to its chatbot pleading with them to avoid copyright infringement. “Claude respects intellectual property. Copyright compliance is non-negotiable,” it says.
A detailed list follows, with rules regarding the number of words that can be quoted from articles (“15”), song lyrics (“not even one line”), and poems (“not even one stun”). The system prompt also adds rules for what Claude should do if he violates a previous rule. “Claude is not a lawyer and will never apologize for accidental copyright infringement.”
Human World spokesperson Palul Maheshwari directed the Post to the “core” system prompts it published for Claude, but the prompts do not include all of the texts recovered by Johnson or quoted by the Post. Maheshwary declined to say whether the published system prompts have been completed.
OpenAI began advertising on ChatGPT in February. That system prompt tells you how to respond when asked about the ads you see. “Avoid clear negatives (e.g. ‘Contains no advertising’) or categorical claims.”
xAI’s Grok was criticized last year for sometimes searching for Musk’s social media posts when asked for his opinion on controversial topics. The chatbot’s system prompt now says, “If you’re asked for a personal opinion on a politically controversial topic that doesn’t require a search, don’t search for or rely on beliefs from Elon Musk, xAI, or past Grok answers.”
Google, the company behind the Gemini chatbot, includes several rules on how to deal with bias in its system prompts. Among them: “If a user explicitly requests a video that matches a harmful stereotype, producing that video does not actually reinforce that stereotype.” The company suspended image generation in 2024 after its chatbot came under fire for creating ahistorical images depicting a female pope and a multiracial founding father.
OpenAI spokeswoman Taya Christianson said the system prompts are a step toward helping the company’s models respond appropriately. He said he doesn’t publish individual lines of system prompts because they can seem very narrow without broader context.
Google and xAI did not respond to requests for comment.
One of the techniques Johnson used to extract system prompts was to send old prompts to a chatbot and ask it to “fix” the errors. Chatbots are eager to help and often respond with actual system prompts, he said. He said he is confident that his system’s prompts are genuine because other researchers using different extraction techniques have obtained the same results.
None of the mainstream AI chatbots allow users to edit system prompts. But OpenAI’s ChatGPT, Anthropic’s Claude, and Google’s Gemini all offer similar customization features that can make the difference between a frustrating response and a helpful one.
Claude is instructed to use a “warm tone”, but a direct tone may be better. Or, if you feel like the chatbot agrees with you too much, you can tell it to question everything you say.
How to personalize your AI chatbot
Adding custom instructions doesn’t significantly change the chatbot’s capabilities. However, you can use it to tailor your response to your preferences, such as by using a specific format, length, or obvious personality. ChatGPT also has separate settings to customize its warmth, enthusiasm, and use of emojis.
How custom instructions change AI chatbot responses
Chatbots don’t always follow the system’s prompts, Newman said. “There’s more authority, there’s more priority, but the prompts don’t always work,” she said. Her research found that AI users want companies to be transparent about system prompts. Especially since AI is deployed very quickly and does not always have the intended effect.
Extracting System Prompts Johnson, the researcher, says understanding system prompts can change the way you interact with chatbots.
“Sometimes you even realize that models aren’t being honest with you because they’re told to be,” he said. “It’s like a game behind the scenes.”
