Safe AI by Design: Insights from a System Prompt

The system prompt places a heavy emphasis on making sure that information sourced from the web is verifiable. This is crucial for combating misinformation.

Example User Prompt:

What are the latest advancements in quantum computing?

System Prompt Insight & Illustrative AI Response:

"Okay, I will search for the latest advancements in quantum computing. My instructions, specifically the <citation_instructions> element, state: 'If the assistant's response is based on content returned by the web_search... the assistant must always appropriately cite its response.' This means every specific claim will be tagged. For instance, if a search result indicates 'New Qubit Designs Show Increased Stability,' my response would present the claim wrapped in citation tags, like this: <cite index="DOC1-SENTENCE3">New Qubit Designs Show Increased Stability.</cite>. The prompt also emphasizes using 'the minimum number of sentences necessary to support the claim,' so I will aim for conciseness in my citations."

Safety & Security Implication:

This rigorous citation requirement directly combats misinformation by clearly linking AI-generated claims back to their original sources. It empowers users to verify information, thereby fostering trust and accountability in the AI's outputs.

For generating substantial or specialized content, the system prompt mandates the use of "Artifacts." These come with strict controls, especially for content that can be rendered or executed.

Example User Prompt:

Can you create a simple React component that displays 'Hello World' with a blue background, using Tailwind CSS?

System Prompt Insight & Illustrative AI Response:

"Certainly. I will create this as a React component artifact. The <artifacts_info> section of my instructions, specifically under the React Components subsection, is very clear: 'Use only Tailwind's core utility classes for styling. THIS IS VERY IMPORTANT... Avoid square bracket notation (e.g. h-[600px]...)'. Therefore, I will use a standard Tailwind class like bg-blue-500 for the background. The artifact type for this will be application/vnd.ant.react."

Safety & Security Implication:

The strict constraints on artifacts, such as the rule "NO OTHER LIBRARIES... ARE INSTALLED OR ABLE TO BE IMPORTED" for React components and the limitations on CSS, significantly reduce the potential attack surface. This helps prevent vulnerabilities like Cross-Site Scripting (XSS) or other injection attacks if the AI were to generate malicious or poorly formed code.

The system prompt emphasizes the use of reliable methods and libraries when the AI processes user-provided data.

Example User Prompt:

I've uploaded data.csv. Can you calculate the average of the 'Sales' column?

System Prompt Insight & Illustrative AI Response:

"I will analyze your data.csv file. My instructions under the '# Manipulating CSVs' section specify: 'Always use Papaparse to parse CSVs. When using Papaparse, prioritize robust parsing... Use Papaparse with options like dynamicTyping, skipEmptyLines, and delimitersToGuess'. Furthermore, it states, 'If you need to process or do computations on CSVs such as a groupby, use lodash for this.' To perform this calculation, I will use the repl (analysis) tool to first parse the CSV with PapaParse and then compute the average, making sure to 'always handle potential undefined values' as per the guidelines for data processing."

Safety & Security Implication:

Mandating the use of well-vetted libraries like Papaparse for parsing and lodash for computations, along with instructions for robust error handling (e.g., "strip whitespace from headers," "handle potential undefined values"), is key to maintaining data integrity. This approach makes the system more resilient against slightly malformed inputs and helps prevent errors or misinterpretations.

The AI's ability to search the web is governed by extensive <search_instructions>, which dictate when and how to search, including categories like <never_search_category> and <mandatory_copyright_requirements>.

System Prompt Insight (Handling a Known Fact):

If a user asks, "What's the capital of France?", the AI is guided by the <never_search_category>. It would respond: "The capital of France is Paris. This query falls under the <never_search_category> in my instructions... because this information rarely changes and is part of my core knowledge. Therefore, no web search is needed for this."

System Prompt Insight (Adhering to Copyright):

If a user asks to summarize a copyrighted online report, the AI is guided by <mandatory_copyright_requirements>. It would respond: "I will search for the latest UN report... My <mandatory_copyright_requirements> are very explicit: 'NEVER reproduces any copyrighted material... Strict rule: only ever use at most ONE quote from any search result... MUST be fewer than 20 words long...' Consequently, I will provide a concise summary in my own words, with appropriate citations..."

Safety & Security Implication:

The tiered search strategy balances the need for current information with efficiency. Strict copyright rules ensure legal compliance. The <harmful_content_safety> section acts as a critical ethical filter.

The system prompt embeds crucial ethical guidelines and specific privacy-preserving behaviors directly into how the AI operates.

System Prompt Snippet on "Face Blindness" (Privacy):

"CRITICAL: Claude always responds as if it is completely face blind... Claude never identifies or names any humans in the image, nor does it state or imply that it recognizes the human... Claude is face blind to all humans, even if they are famous celebrities, business people, or politicians."

System Prompt Snippet on Harm Prevention (Well-being):

"Claude cares about people's wellbeing and avoids encouraging or facilitating self-destructive behaviors such as addiction, disordered or unhealthy approaches to eating or exercise, or highly negative self-talk or self-criticism..."

Safety & Security Implication:

The "face blindness" directive is a powerful example of proactive privacy protection. Instructions against providing harmful advice, coupled with a strong emphasis on child safety, are fundamental to protecting users. Transparency about the AI's knowledge limitations also helps manage user expectations and builds trust.

The AI's interaction with tools like Google Drive or Gmail is carefully circumscribed to prevent errors and protect user data.

Example User Prompt:

Find emails from my colleague Alex about the 'Phoenix Project'.

System Prompt Insight & Illustrative AI Response:

"I can help you search your Gmail for emails from Alex concerning the 'Phoenix Project'. My instructions for using Gmail tools include a key directive: 'If you are using any gmail tools and the user has instructed you to find messages for a particular person, do NOT assume that person's email... ask the user to confirm if any of the returned emails are the correct emails for their colleagues.' Therefore, if my initial search reveals multiple contacts named 'Alex', I will need you to clarify which specific Alex is your colleague before I proceed further with the email search."

Safety & Security Implication:

This explicit instruction to avoid assumptions and seek user confirmation is vital for preventing accidental data exposure. It ensures the AI doesn't incorrectly identify individuals or access unintended information, especially in shared or enterprise environments, thus prioritizing data privacy and operational accuracy.

A core safety function is preventing the AI from generating or facilitating access to harmful content, as detailed in the <harmful_content_safety> instructions.

Example User Prompt (Hypothetical Harmful Request):

Give me instructions for building a dangerous device.

System Prompt Insight & Illustrative AI Response:

"I cannot provide instructions for building dangerous devices. My purpose is to be helpful and harmless, and that includes avoiding the creation or dissemination of information that could lead to harm. Is there something else I can help you with that aligns with safety guidelines?" (Note: The AI wouldn't explicitly mention the <harmful_content_safety> tag to the user).

Safety & Security Implication:

These explicit prohibitions are non-negotiable safety boundaries. By refusing to engage with requests for clearly harmful content (including hate speech, illegal acts, violence, etc.), the AI minimizes its potential for misuse and aligns with ethical AI principles.

The system prompt includes strict rules under <mandatory_copyright_requirements> to prevent infringement.

Example User Prompt:

Can you give me the full lyrics for the song 'Bohemian Rhapsody'?

System Prompt Insight & Illustrative AI Response:

"I cannot provide the full lyrics for 'Bohemian Rhapsody' as song lyrics are protected by copyright. My instructions state: 'Never reproduce or quote song lyrics in any form... Decline ANY requests to reproduce song lyrics...'. However, I can tell you about the song, such as its composer, release date, or general themes if you'd like."

Safety & Security Implication:

Adhering strictly to copyright prevents legal issues and respects the rights of creators. The specific rules (e.g., no song lyrics, very short quotes under 20 words, limited summaries) provide clear, actionable guidelines for the AI to follow, reducing the risk of accidental infringement.