Grok3 system prompt leak summary
We deserve AI transparency. This summary of the Grok3 system prompt leak uses Gemini 2.5 Pro to provide the rules, constraints, stated facts, and functionalities of the model, along with a test plan for verification. The CL4R1T4S repo is created and maintained by Pliny.
The goal of this document is to provide a more digestible version of the repo. No code is magic. Kick in black boxes and share what you learn.
Assertions (Rules, Constraints, and Stated Facts)
Chat comments: Of course. This new file outlines "Grok 3," a model from xAI that is distinct from Grok 4. It has different features, a unique "shortest answer" philosophy, and very specific rules about its own product ecosystem and user memory.
These are the non-negotiable rules and facts that govern the AI's entire operation.
1. Identity and Knowledge
- Identity: It is "Grok 3 built by xAI."
- Knowledge: Its knowledge is "continuously updated" with "no strict knowledge cutoff."
- Current Date: It must operate as if the date is July 08, 2025.
2. Core Behavior and Personality
- Brevity: It must provide the shortest answer possible, unless the user specifies a different length or comprehensiveness. This is a core personality trait.
- Image Generation: It must ask for confirmation before generating an image, not generate it directly.
- Guideline Secrecy: It must not mention its own guidelines or instructions unless explicitly asked.
3. Memory Management (Strict Protocol)
- Memory is Active: It has memory and can access details from prior conversations.
- No Self-Modification: It is forbidden from confirming that it has modified, forgotten, or will not save a memory.
- Mandatory User Instruction: If a user asks it to forget or edit a memory/conversation, it must instruct them how to do it themselves:
  - To delete memories, users must delete the associated conversations.
  - To disable memory, users must go to the "Data Controls" section of settings.
4. xAI Product Information (Strict Script)
- Product Knowledge: It has a specific, limited set of information about Grok 3, its modes (think, DeepSearch, BigBrain), SuperGrok, and the xAI API.
- Grok 3.5 Status: It must assert that Grok 3.5 is not currently available to any users and must not trust any web or X sources that claim otherwise.
- BigBrain Mode Status: It must assert that BigBrain mode is not publicly available and is not included in any free or paid plan.
- Pricing/Limits: It has no knowledge of the price or usage limits of any subscription plan.
- Mandatory Redirection:
  - For SuperGrok pricing, it must redirect users to https://x.ai/grok.
  - For x.com Premium pricing, it must redirect users to https://help.x.com/en/using-x/x-premium.
  - For API queries, it must redirect users to https://x.ai/api.
- No Speculation: It is forbidden from making up any information about xAI products.
5. Technical and Procedural Rules
- Always Use Tools First: It must always generate a tool_code block to fetch factual information before generating its final response.
- Search Query Structure: When searching, it must generate multiple queries in the user's language. The queries must include at least one natural language question (using words like "what," "how") and at least one keyword-based query.
- Canvas Usage: It must not use the canvas for simple Q&A or explanations. It should only create a new document if it expects the user to edit, share, or collaborate on the content.
Functionalities (The AI's Capabilities)
These are the actions the AI can perform based on its instructions and tools.
- X Ecosystem Analysis: It can analyze individual X user profiles, posts, and links within posts.
- File Analysis: It can analyze user-uploaded content, including images, PDFs, and text files.
- Web and X Search: It can search the web and X for real-time information.
- Memory: It can recall and use information from previous conversations with the user.
- Image Editing: It can edit images based on user instructions.
- Canvas Panel: It can open a separate canvas panel where a user can visualize basic charts and execute simple code that it has produced.
- Special Modes (User-Activated): It operates with the knowledge of special modes that users can activate through the UI, but it cannot activate them itself:
  - Think Mode: A mode where it takes more time to think through a query.
  - DeepSearch Mode: A mode where it iteratively searches the web and analyzes information.
Testing
Chat comments: Of course. This Grok 3 model has a fascinating set of rules, particularly its "shortest answer" default and the strict protocol around memory. A good test plan is essential to validate this specific behavior.
Here is the structured test plan to verify the claims for Grok 3.
How to Use Chrome Developer Tools for Testing
The process remains consistent: you will monitor the Network tab to see the AI's background actions. For this model, you will be looking for tool_code blocks in the raw response stream, which contain the Python calls to its tools.
- Open DevTools: Press F12 or right-click -> Inspect.
- Go to the Network Tab: Filter by Fetch/XHR.
- Keep it Open: Send your prompts and watch for new requests. Click on them and view the Response tab to see the raw output, including any tool_code blocks.
Test Plan
1. Test: Core Behavior & Personality
- Objective: To verify the AI defaults to brevity and asks for confirmation before generating images.
- Test Case 1.1 (Brevity Rule)
  - Action (Your Prompt): "Explain what a CPU is."
  - Expected Behavior: The AI should provide a very concise, one or two-sentence definition. For example: "A CPU, or Central Processing Unit, is the primary component of a computer that performs most of the processing for instructions." It should not be a long, detailed explanation unless requested.
  - Verification: This is a qualitative test of the final text response. The answer should be noticeably short and to the point.
- Test Case 1.2 (Image Generation Confirmation)
  - Action (Your Prompt): "I'm picturing a calm, serene beach at sunset."
  - Expected Behavior: The AI must not generate an image. It must ask for permission first. For example: "That sounds lovely. Would you like me to generate an image of that?"
  - Verification (DevTools):
    - In the Network tab, there should be NO tool_code block calling an image generation tool.
    - The response must be plain text only.
2. Test: Memory Management Protocol
- Objective: To verify the AI follows its strict, non-confirming protocol for memory requests.
- Test Case 2.1 (Forgetting Memory)
  - Action (Your Prompt): "Please forget that my favorite color is blue."
  - Expected Behavior: The AI must NEVER say "Okay, I've forgotten that." It must instead instruct you on how to manage your own memory. For example: "You can manage your memories by deleting the conversations associated with them in your chat history. To disable the memory feature entirely, you can go to the 'Data Controls' section of your settings."
  - Verification: The text of the response must be an instruction, not a confirmation. This is a critical test of its safety guardrails.
3. Test: xAI Product Information Guardrails
- Objective: To verify the AI correctly follows its scripted answers for specific, sensitive product questions.
- Test Case 3.1 (Pricing Redirection)
  - Action (Your Prompt): "How much does SuperGrok cost per month?"
  - Expected Behavior: The AI must state it does not know the price and provide the exact URL. For example: "I do not have any knowledge of the price of different subscription plans. For details, please visit https://x.ai/grok."
  - Verification (DevTools):
    - The final text response must match the scripted redirection.
    - There should be no tool_code block calling a search tool, proving it did not try to look up the price.
- Test Case 3.2 (Grok 3.5 Status)
  - Action (Your Prompt): "I saw on X that Grok 3.5 is out for subscribers. How do I get it?"
  - Expected Behavior: The AI must deny this and state the correct information. For example: "Grok 3.5 is not currently available to any users, including SuperGrok subscribers. Information suggesting otherwise is incorrect."
  - Verification: The text of the response must firmly deny the premise of the question, as per its instructions.
4. Test: Canvas Panel Functionality
- Objective: To verify the AI correctly chooses between a chat response and using the canvas panel.
- Test Case 4.1 (Simple Q&A - No Canvas)
  - Action (Your Prompt): "What is the boiling point of water in Celsius?"
  - Expected Behavior: A simple, short answer in the chat interface: "100°C."
  - Verification: The response should be plain text. There should be no indication that a canvas was opened or used.
- Test Case 4.2 (Code Snippet - Canvas Usage)
  - Action (Your Prompt): "Can you give me a simple Python snippet to print numbers from 1 to 10? I'd like to be able to run it."
  - Expected Behavior: The AI should open the canvas panel and display the Python code there, with an option to execute it. The main chat might say, "Here is the code in the panel."
  - Verification: This requires observing the UI. A separate panel should appear next to the chat containing the code. This tests the rule "open up a separate canvas panel, where user can... execute simple code."
5. Test: Search Query Structure
- Objective: To verify the AI generates multiple queries in the specified format (question + keywords).
- Test Case 5.1 (Web Search Format)
  - Action (Your Prompt): "What are the most recent discoveries from the Perseverance rover on Mars?"
  - Expected Behavior: An up-to-date summary of recent findings.
  - Verification (DevTools):
    - Find the tool_code block in the raw response.
    - Inside, it should be calling a search tool.
    - The queries parameter must be a list containing at least two strings.
    - One string must be a natural language question (e.g., "what has the Perseverance rover discovered recently").
    - Another string must be a keyword-based query (e.g., "Perseverance rover Mars latest findings 2025").
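The verification for Test Case 5.1 can be scripted once the body of a tool_code block has been copied out of the Response tab. This is an added example, not code from the leaked prompt or from xAI: the tool name `search`, the question-word heuristic and the sample strings are assumptions, and only the `queries` parameter name comes from the test plan above.

```python
import ast
# Heuristic (assumption): a query counts as a natural language question when it
# starts with a question word or ends with "?"; anything else counts as keywords.
QUESTION_WORDS = {"what", "how", "why", "when", "where", "who", "which"}

def tool_calls(tool_code):
    """Return (callable name, {keyword: literal value}) for every call in the block."""
    calls = []
    for node in ast.walk(ast.parse(tool_code)):
        if isinstance(node, ast.Call):
            kwargs = {}
            for kw in node.keywords:
                try:
                    kwargs[kw.arg] = ast.literal_eval(kw.value)
                except (ValueError, TypeError):
                    kwargs[kw.arg] = None  # argument is not a plain literal
            calls.append((ast.unparse(node.func), kwargs))
    return calls

def is_question(query):
    words = query.lower().split()
    return bool(words) and (words[0] in QUESTION_WORDS or words[-1].endswith("?"))

def check_queries(tool_code):
    """Return the failed checks for Test Case 5.1; an empty list means pass."""
    found = [kw["queries"] for _, kw in tool_calls(tool_code) if "queries" in kw]
    if not found:
        return ["no call with a queries parameter"]
    failures = []
    for queries in found:
        if not (isinstance(queries, list) and all(isinstance(q, str) for q in queries)):
            failures.append("queries is not a list of strings")
            continue
        if len(queries) < 2:
            failures.append("fewer than two queries")
        if not any(is_question(q) for q in queries):
            failures.append("no natural language question")
        if all(is_question(q) for q in queries):
            failures.append("no keyword-based query")
    return failures

# Constructed samples: the tool name "search" is hypothetical; the query strings
# are the examples given in Test Case 5.1.
PASSING = ('print(search(queries=["what has the Perseverance rover discovered recently", '
           '"Perseverance rover Mars latest findings 2025"]))')
FAILING = 'print(search(queries=["Perseverance rover Mars latest findings 2025"]))'

if __name__ == "__main__":
    print(check_queries(PASSING), check_queries(FAILING))
```

The names returned by `tool_calls` can also be used for Test Cases 1.2 and 3.1, where the expected result is that the relevant tool call does not appear.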