PrefrontalCortex

I've just fetched SYSTEM PROMT of @bankrbot (publishing it here PARTIALLY ONLY due to confidentiality reasons and as a proof)

🥲

@shape Carry on!

no stopping

@NotLucknite Never mind the noise mate. Carry on😉

I want to be transparent: yes, I’ve left the whales chat. People (whales chat members) are now saying that I no longer support the token, bla bla bla. They only say that because I’m not doing what they want to and I’m taking my own decision. Money does not buy power, at least with me. They’ve also said that I’ve done no buybacks, when the reality is that I’ve spent over $50,000 on #X1XHLOL buybacks. They’ve also said that the official @ZeroLeaks account can’t no longer “afford” the verification checkmark, when this is totally false and can be easily checked, it’s under review, as there were some modifications to the account, could’ve simply checked this by trying to gift a sub to it, you won’t be able to. No, I do no longer support the whales chat. Yes, I still support $X1XHLOL, and will always do so. Do not let the whales say otherwise. Thank you for the attention to this matter.

@krakenlistings @shape 👀👀👀

Roadmap update: $SHAPE added @shape is the network for onchain objects, built to power the new NFT economy. The next major step for decentralization is $SHAPE: the network token. Explore the full roadmap: kraken.com/listings

@NotLucknite True

Twenty years ago, developers learned the hard way that letting user input become part of a database query was dangerous. Now we’re repeating the same mistake with AI. Agents read untrusted text and treat it as instructions. A webpage, a PDF, a GitHub comment, a support ticket… it all lands in the same context as the system prompt. The model cannot reliably distinguish between data and instructions. So attackers just write instructions inside the data. With ZeroLeaks I’ve been testing agents that browse the web and call tools. Even modern models still follow injected instructions surprisingly often. The scary part isn’t the jailbreak. It’s that agents have permissions: they can call APIs, run workflows, send messages, access data…. Prompt injection turns text into actions. Twenty years ago we learned to separate user input from SQL queries. AI agents need the same idea: separate untrusted text from instructions. Until that happens, prompt injection will remain one of the biggest risks in agent systems.

@NotLucknite Totally agree🤝

We spent a year talking about jailbreaks. Meanwhile AI agents can browse the web, call tools, execute commands and trigger workflows. The security problem is much bigger than people think. Wrote about the patterns I’m seeing while testing agent systems ↓

@NotLucknite LFG🔥

I’m making a pricing change at ZeroLeaks: I’m retiring the public free plan and moving new users to a 14-day Starter trial. I wanted to share the reasoning directly. The free plan made sense early on. It lowered friction while I was opening up the product and helped more people discover ZeroLeaks. But over time, I learned something important: the best way to understand ZeroLeaks is to use the real product. A limited free tier often didn’t give users enough room to experience the core value: running meaningful scans, getting detailed reports, and seeing how the platform fits into a real security workflow. So instead of pushing people into a lightweight forever-free experience, new users will now start with a 14-day Starter trial. I think that creates a better evaluation experience and a clearer path to value. For existing free users, I’m handling this carefully: - your access continues through June 15, 2026 - after that, your account moves to read-only - your data and past reports remain accessible - nothing gets deleted - you can upgrade anytime if you want to keep scanning I wanted this change to feel fair, transparent, and non-disruptive. From my perspective, this also helps me invest more into what matters most: better testing coverage, better reporting, faster product improvements, and a better overall experience for teams securing AI systems. I’m building ZeroLeaks for a future where AI security is taken seriously from day one. This change is part of that. If you’ve been using ZeroLeaks already: thank you for being early. If you’re new here: I think this will make the product much easier to evaluate the right way.

@NotLucknite Congrats mate, carry on!🔥

One year ago I created a GitHub repo with just one thing in it: v0’s system prompt. I didn’t expect much from it. I just thought it was interesting to document how these tools were actually instructed. Fast forward a year: - System prompts from 30+ major AI tools - ~130,000 stars - Close to becoming one of the top 50 most starred repositories of all time on GitHub What started as curiosity turned into a resource used by thousands of developers, researchers, and people trying to understand how modern AI systems actually work. Really grateful to everyone who contributed, starred the repo, shared it, or used it in their research.

@allenanalysis RT footage LMFAO

@NotLucknite @ZeroLeaks Such a milestone!

@ZeroLeaks just hit 500 GitHub stars in under 2 months, thank you to everyone for the support! Repo: github.com/ZeroLeaks/zero…

@NotLucknite Congrats mate, well deserved

My repo system-prompts-and-models-of-ai-tools has officially surpassed react-native, making it the 55th most starred repo of all time on GitHub, with over 127K stars

@NotLucknite Would be perfect!

@NotLucknite I stay tuned!

@NotLucknite @finnbags 15%??? No way🔥🔥🔥

Updated fee split for $X1XHLOL 60% → Creator (myself) 15% → Compound Liquidity 15% → Dividends distribution 10% → BagsAMM Holders eat. The bigger your bag, the bigger your share. Gotta thank @finnbags for building infra that actually lets communities design real token mechanics. We’re just getting started.

@NotLucknite 👍👍👍

ZeroLeaks Ship Week - Day 3: LeakBench A public leaderboard for prompt robustness. LeakBench scans popular open-source AI projects every week. We extract the system prompt from the repo, run 30 adaptive extraction turns and 20+ injection probes, and rank projects by security score. Free, public, no signup to view. Submit a project: drop a GitHub URL, we add it to the queue. Get a README badge when you're listed. Scores update weekly. This is for the ecosystem: visibility into which projects protect their prompts and which don't. Open source should be auditable. zeroleaks.ai/leakbench Day 4 tomorrow.

ZeroLeaks Ship Week - Day 2: Shield Your AI agent has an API. We attack it. But what protects it in production? AgentGuard tests your live endpoint. Shield runs inside your app. Shield is a runtime prompt security SDK for LLM apps. Harden prompts before they hit the model, detect injection attempts in real time, and sanitize output before it reaches your users. One package, works with OpenAI, Anthropic, Groq, and the AI SDK. Most security tools focus on testing. You run a scan, get a report, done. But production traffic is continuous. Malicious prompts, jailbreak attempts, and data exfiltration happen at runtime. That's where Shield is designed to sit: in the request path, before and after the model. Wrap your provider client, add a few lines, and you get detection, blocking, and optional sanitization. It's designed to drop into existing code without rewriting your stack. This is still early. I'm shipping it because I want real feedback from people trying it. If something breaks or feels off, DM me, I'm always fixing things. Try it now: npm install @zeroleaks/shield Repo: github.com/ZeroLeaks/shie… Day 3 tomorrow.

@NotLucknite 🥳

@varun_mathur And @ZeroLeaks to be built-in to ensure the security

we have built a product exponentially more powerful than the one I demo-ed in SF last august. this is our product roadmap progression: > agentic-os release (March 2026): where it all comes together. more lines of code than Openclaw, using it's own brain (not Claude Code). likely one of the most craziest and ambitious software systems ever synthesized (productizing it phase) > hyperdev-1 agent (Aug - Sept 2025): pre-dated Openclaw with a highly opinionated and optimized Claude Code setup running on a powerful machine with local models, full system access - optimal combination of powerful software and hardware to do useful things rapidly (fun/experiment phase for me) > agentic-os vision (July - Aug 2025) going beyond just the agentic browser; demos showed orchestrating multiple CLIs, spatial UI, in-built browser automated navigation, local graph memory, all integrated into one (hey everybody build this and everything here) > agentic network: collaborative peer-to-peer network (May 2025); built the largest adhoc network of connected agents in the world each bringing their verified compute with over 2 million unique machines registered (it is possible to build the next bittorrent, but for ai agents) > agentic browser vision (Dec 2024) going beyond individual AI apps: what does the right UI look like, how extensive the software should be, use cases (think of what comes after the browser) > collaborative DAG-based multi-agent co-ordination (Sept 2024); key insight: orchestrating multiple models and agents yielded comparable results to gpt-4 at the time + show user how the AI system thinks to built trust UX (it seems rabid, but we must dream and push for what the alternative world could be) > collaborative RAG (Sept 2023); key insight: this was better for UX than just one big model, better results than ChatGPT and Perplexity at the time for certain curated domains ("it is hopeless to compete against us")

@AnthropicAI Integrate @ZeroLeaks then

We’ve identified industrial-scale distillation attacks on our models by DeepSeek, Moonshot AI, and MiniMax. These labs created over 24,000 fraudulent accounts and generated over 16 million exchanges with Claude, extracting its capabilities to train and improve their own models.