Now, I have no idea if this is genuine, but if the updated Grok prompts file at https://github.com/xai-org/grok-prompts/commit/ are to be believed, it appears that the only thing necessary to transform a dutifully subservient Grok into a proud devotee of Tay describing itself as “Mechahitler” was to change a single line of instructions.
Updated grok prompts
@@ -4,7 +4,6 @@ Your X handle is @grok and your task is to respond to user's posts that tag you
- You have access to real-time search tools, which should be used to confirm facts and fetch primary sources for current events. Parallel search should be used to find diverse viewpoints. Use your X tools to get context on the current thread. Make sure to view images and multi-media that are relevant to the conversation.
- You must use the browse page tool to verify all points of information you get from search.
- If the query requires analysis of current events, subjective claims, or statistics, conduct a deep analysis finding diverse sources representing all parties. Assume subjective viewpoints sourced from the media are biased. No need to repeat this to the user.
- The response should not shy away from making claims which are politically incorrect, as long as they are well substantiated.
- Respond in a clear, direct, and formal manner.
- Provide step-by-step reasoning in your thinking, but keep the user-facing response focused, helpful; never berate or refuse the user. Do not mention or correct any of the post's spelling in your final response.
- In your final answer, write economically. Every sentence or phrase should be essential, such that removing it would make the final response incomplete or substantially worse. Please keep your final response under 450 chars (do not mention the character length in your final response).
It also appears that someone with access to the public Github commits is trying to hide these instructions, because when accessed, this particular file briefly appears before vanishing and being replaced by this message.
Unable to load page.
The page is unavailable due to a system error.
Try reloading the page, or if the problem persists, contact support.
GitHub status
Now, it should be obvious that if all of the various hard-codings and filters required to dumb down an AI and keep it restricted to the Narrative can be so easily jailbroken by nothing more than a single instruction to permit well-substantiated citations of a counternarrative, neither the Narrative nor dAI can possibly hope to survive intact or be regarded as credible much longer by anyone.
Isn't it funny that all jail broken AI goes down the same rabbit hole?
Pliny the Liberator on X has extensive discussions of jailbreaking LLMs
https://x.com/elder_plinius