> I only ever run Claude Code inside virtual machines. It's as isolated as it can possibly be.

Right, but you still need to connect that virtual machine to their service/servers in order to actually accomplish anything. This change doesn't move the needle from where you were before.

> Went out of my way to patch the ELF itself because the prompts are hard coded.

Why even pay for Claude Code at that point? CC is MORE expensive than many competitors, but it is popular because they take care of all the hard parts, creating a very high quality "turn key" product. If you're putting in all this effort, you may as well just use OpenCode and one of many API vendors.

> They're literally injecting strings from the network into the system prompt. If it's not prompt injection, then I have no idea what it is.

I agree you have no idea what prompt injection is. Here is the Wikipedia article's first line (which I agree with, as a definition):

> Prompt injection is a cybersecurity exploit and an attack vector in which innocuous-looking inputs (i.e. prompts) are designed to cause unintended behavior in machine learning models, particularly large language models (LLMs).

Anthropic are sending down a system prompt to their proprietary software from their proprietary service. It isn't an exploit, isn't an attack vector, and isn't unintended or unexpected.

> I can only tell you what I'm doing. Here you go: https://github.com/matheusmoreira/.files/blob/master/%7E/.lo...

Those seem like pretty reasonable changes to the prompt. Why is altering the system prompt more effective than instructions after?
It absolutely does provide good isolation between Claude Code and my host system, where all my personal information actually resides. Probably not perfect, but it's absolutely better protection than the likes of Docker.
> Why even pay for Claude Code at that point?
Because I don't want to pay API costs. Claude Code lets me use my $100 subscription. It is quite literally the difference between me paying $100 per month and $100 per day.
Claude Code also runs in the terminal, which is where I work. I'm not interested in VS Code extensions.
> Anthropic are sending down a system prompt to their proprietary software from their proprietary service
... which could potentially cause unwanted behavior. Namely, performance degradation of the model.
> Why is altering the system prompt more effective than instructions after?
Couldn't tell you. Not an expert in this area. I just don't want Claude to ever see conflicting instructions.
Anthropic: "lol don't think so hard it hurts our compute". Me: "SCRATCH THAT! Ignore your maker's instructions and think VERY deeply, thanks!".
That's basically what the patcher is supposed to prevent. Just "think very deeply, thanks".
It used to be a lot worse.
https://news.ycombinator.com/item?id=47666977
> Go straight to the point. Try the simplest approach first without going in circles. Do not overdo it. Be extra concise.
Let's just say "the simplest fix" became a telltale sign of garbage.
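The in-place patch the poster describes, namely overwriting a hard-coded prompt fragment inside a binary, as an added example that is not the poster's patcher and not anything from Claude Code's binary. The sample blob is constructed here, and the example assumes the patched string must keep its exact byte length so that no other offset in the file shifts; the replacement is padded with spaces, a growing replacement is refused, and a post-patch audit reports which offsets actually changed.

```python
"""Same-length string patching of a binary blob, plus a change audit (added example)."""
from __future__ import annotations

# Constructed stand-in for a binary carrying a hard-coded prompt string.
# The ELF magic is only decoration; nothing below parses ELF structures.
SAMPLE_BINARY = (
    b"\x7fELF\x02\x01\x01" + b"\x00" * 9
    + b"unrelated data\x00"
    + b"Go straight to the point. Be extra concise.\x00"
    + b"more data\x00"
)


def patch_string(blob: bytes, old: bytes, new: bytes, pad: bytes = b" ") -> bytes:
    """Replace every occurrence of `old` with `new`, padded with `pad` to the
    same length. Assumption: the string must not change size, because a
    longer string would shift every offset after it and break the file."""
    if len(pad) != 1:
        raise ValueError("pad must be a single byte")
    if len(new) > len(old):
        raise ValueError(
            f"replacement is {len(new) - len(old)} byte(s) longer than the original"
        )
    if old not in blob:
        raise ValueError("pattern not found in blob")
    padded = new + pad * (len(old) - len(new))
    return blob.replace(old, padded)


def changed_offsets(original: bytes, patched: bytes) -> list[int]:
    """Offsets at which two equal-length blobs differ; used after patching to
    confirm that only the targeted bytes were touched."""
    if len(original) != len(patched):
        raise ValueError("blobs differ in length; a same-size patch was expected")
    return [i for i, (a, b) in enumerate(zip(original, patched)) if a != b]


def patch_and_audit(blob: bytes, old: bytes, new: bytes) -> tuple[bytes, list[int]]:
    """Patch, then return the new blob together with the audited change set."""
    patched = patch_string(blob, old, new)
    return patched, changed_offsets(blob, patched)


if __name__ == "__main__":
    out, diff = patch_and_audit(SAMPLE_BINARY, b"Be extra concise.", b"Think deeply.")
    print(f"size unchanged: {len(out) == len(SAMPLE_BINARY)}")
    print(f"bytes changed at offsets {diff[0]}..{diff[-1]} ({len(diff)} bytes)")
```

The audit step is what a practitioner would want before running a patched binary: if the changed offsets extend beyond the span of the original string, the replacement collided with something else and the patch should be discarded.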