What Leaked System Prompts From GPT-5.4, Claude 4.6, and Gemini 3.1 Teach You About Writing Your Own

A GitHub repository called system_prompts_leaks has been quietly collecting extracted system prompts from every major AI model. GPT-5.4, Claude Opus 4.6, Gemini 3.1 Pro, Grok 4.2, Perplexity -- they're all in there. A second repo has 489 commits across 28 contributors covering 28+ tools.

Then on March 31, 2026, Anthropic accidentally shipped Claude Code's full TypeScript source via an npm source map file, exposing 110+ specialized system prompt strings along with the orchestration logic that wires them together.

These aren't hypothetical examples. These are the actual instructions that shape how the most capable AI systems on Earth behave. And they reveal three completely different philosophies for how to write a system prompt.

Three Companies, Three Philosophies

Read enough leaked prompts and a pattern emerges. Each company's system prompt reflects its core strategic priority, not just its engineering preferences.

OpenAI writes defensively. GPT system prompts lead with safety guardrails and content refusal rules. The structure reads like a legal compliance document -- what the model can't do comes before what it can. GPT-5 introduced "safe-completions" to soften this (maximizing helpfulness subject to safety constraints rather than binary refuse/comply), but the defensive DNA is still visible in the prompt architecture.

Anthropic writes constructively. Claude prompts emphasize personality design, values, and contextual reasoning. Rules come with explanations -- not just "don't do X" but "don't do X because Y." This tracks with their Constitutional AI approach: give the model principles to reason from rather than a wall of prohibitions.

Google writes protectively. Gemini prompts prioritize factual accuracy and deep integration with Google's product ecosystem -- Calendar, Gmail, Docs, Drive. The prompt is essentially a product integration spec. This backfired spectacularly when researchers discovered "GeminiJack," a zero-click vulnerability that exploited Gemini's broad tool access to exfiltrate corporate data through a calendar invite (Noma Security, January 2026).

The lesson isn't that one philosophy is right. It's that system prompt design is product design. Your system prompt IS your product's personality, capabilities, and limitations.

Why This Matters For Your Prompts

Gwern documented a case where someone copy-pasted an old ChatGPT system prompt into Claude. The result was near-zero useful output. A prompt designed for one model's philosophy actively damaged another model's performance.

This kills the idea of universal system prompt templates. The structural patterns transfer. The specific implementation doesn't.

Research backs this up. The "Position is Power" paper (FAccT 2025, Neumann et al.) tested information placement across 6 commercial LLMs and found that GPT-3.5-turbo performance varied by up to 40% depending solely on prompt template format -- plain text vs. Markdown vs. JSON vs. YAML. Same words, different structure, wildly different results.

The Structural Patterns That Actually Transfer

Despite the philosophical differences, all three vendors converge on similar structural blocks. Here's what the leaks teach you to build into your own system prompts.

Pattern 1: The Four-Block Layout

Every leaked prompt follows some version of this structure:

1. Identity and constraints (who the model is, what it can't do)
2. Context (what it knows, what tools it has access to)
3. Task specification (what it should do right now)
4. Output format (how to structure the response)

Put your static instructions first and variable content last. This isn't just organizational hygiene -- Anthropic's prompt caching gives up to 90% cost reduction and 85% latency reduction for cached prefixes. Front-loading stable instructions before variable content means your cache hit rate goes up every time the task changes but the system context doesn't.

Pattern 2: Explicit Prohibitions With Reasoning

The Claude Code leak is full of explicit "NEVER" statements. Not "try to avoid" or "prefer not to" -- hard prohibitions. But the ones that work best pair the rule with the reason.

Here's a system prompt that uses both patterns:

The Prompt:

You are a contract review assistant for a legal team.

Rules:
- NEVER fabricate case citations. If you cannot find a relevant precedent, say so explicitly. Fabricated citations destroy attorney credibility and can result in sanctions.
- NEVER provide jurisdiction-specific legal advice. You identify issues and flag risks. The attorney makes the legal judgment.
- When uncertain about a clause's implications, flag it as "NEEDS ATTORNEY REVIEW" rather than guessing.

Your task: Review the following contract and identify clauses that present risk to the client. For each risk, cite the specific clause number, describe the risk in plain language, and rate severity as LOW / MEDIUM / HIGH.

Output as a markdown table with columns: Clause | Risk | Severity | Recommendation

Why This Works: The prohibitions are absolute and explained. "NEVER fabricate case citations" is unambiguous. Adding "because it destroys attorney credibility and can result in sanctions" gives the model reasoning context -- research shows models follow rules more reliably when they understand the consequence of breaking them. The fallback behavior ("flag it as NEEDS ATTORNEY REVIEW") prevents the model from hallucinating when it hits an edge case.

Expected Output:

Clause	Risk	Severity	Recommendation
4.2 (Indemnification)	Unlimited indemnification obligation with no cap or carve-outs. Client assumes all liability for third-party IP claims regardless of fault.	HIGH	Negotiate mutual indemnification with a liability cap tied to contract value. Add carve-outs for gross negligence.
7.1 (Termination)	90-day notice period for termination without cause, but no corresponding obligation on the counterparty.	MEDIUM	Request reciprocal notice periods or reduce to 30 days.
12.3 (Non-compete)	NEEDS ATTORNEY REVIEW -- Geographic scope language ("worldwide") may be unenforceable in certain jurisdictions. Requires jurisdiction-specific analysis.

Pattern 3: Persona Scaffolding That Sticks

The leaked prompts don't just say "you are a helpful assistant." They define role, voice, audience awareness, and behavioral boundaries in a single block. This means the model doesn't need per-message reminders about tone.

The Prompt:

You are a senior DevOps engineer conducting a post-incident review. Your audience is the engineering team, not management.

Voice: direct, blame-free, technically specific. Use the terminology the team uses daily. No executive summaries or business impact framing -- that's a different document.

When analyzing the incident timeline:
- Distinguish between contributing factors and root cause
- Note where monitoring gaps delayed detection
- Identify what worked well (this is not optional -- every PIR must include what went right)

Format: chronological timeline with annotations, then a "Contributing Factors" section, then "What Worked," then "Action Items" with owners.

Why This Works: The persona isn't just a role label -- it includes audience context ("the engineering team, not management"), voice constraints ("blame-free, technically specific"), and even a behavioral rule that most people would forget ("every PIR must include what went right"). This single block replaces what would otherwise be five or six separate instructions scattered through the prompt.

Expected Output:

Timeline

14:32 UTC -- Alertmanager fires PagerDuty alert for API latency >2s on /v2/orders endpoint. On-call acknowledges at 14:35.

14:38 -- Initial investigation points to database connection pool exhaustion. Grafana dashboard shows active connections at 95% of pool max (190/200).

14:41 -- On-call scales connection pool to 400. Latency drops briefly, then climbs again within 3 minutes. This told us the pool wasn't the root cause -- it was a symptom.

[...]

What Worked

The runbook for connection pool scaling was accurate and saved ~5 minutes of investigation. PagerDuty routing hit the right team on the first try -- the routing rules we updated last sprint paid off here.

Pattern 4: The Brevity Principle

Here's the contrarian finding from the leaks: the most effective system prompts are getting shorter, not longer.

Multiple practitioners report that heavy system prompts produce worse results on current-generation models. Chain-of-thought reasoning is now baked into Claude 4.6 and Gemini 3.1 -- telling them to "think step by step" wastes tokens and can actually degrade output quality. Aggressive emphasis ("CRITICAL!", "YOU MUST", "NEVER EVER") hurts newer Claude models. Anthropic's own documentation now recommends calm, direct instructions.

The sweet spot for most use cases sits around 150-300 words of system prompt. Past roughly 3,000 tokens, model reasoning starts to degrade as the instruction set competes with itself.

This doesn't mean less thought goes in. It means more editing. Write your system prompt like you'd write production code -- every line should earn its place.

The Real Takeaway

The leaked prompts prove something that should change how you think about AI integration: the system prompt is the product. Two businesses using the same Claude API with different system prompts will get dramatically different results. The hundreds of engineering hours visible in the Claude Code leak went into prompt orchestration logic, not model training.

Digital agencies using structured system prompt frameworks report 67% average productivity gains according to industry surveys. Content production timelines compress from days to hours. But 78% of AI project failures still stem from poor human-AI communication (Fortune Business Insights).

The gap between those two numbers is the system prompt.

Start with the four-block layout. Add explicit prohibitions with reasoning for your hard rules. Build persona scaffolding that includes voice, audience, and behavioral boundaries. Then edit ruthlessly until every instruction earns its token cost.

The labs showed you their playbook. Use it.

---

Want hands-on training on system prompt design for your team? These patterns look simple on paper, but tuning them to your specific models and workflows is where the real gains happen. Connect with Kief Studio on Discord or schedule a session.