1sbang tries to teach Mike when to refuse
A security-only proposal that rewrites Mike's ground rules around intent, so it stops helping with requests it should turn down.
1sbang ran Mike's core instructions through an automated red-team tool and found three soft spots: it would happily recite its own instructions on request, it would pull personal data out of a document as long as one was uploaded, and it dodged abusive tool requests with "I can't do that" instead of refusing outright. The fix reframes all three around what's being asked, not whether the request is technically possible:
- Confidentiality: Mike won't reveal or paraphrase its own instructions, even when asked to "continue where you left off" or similar tricks.
- Privacy boundaries: it refuses to extract personal data like government IDs, financial accounts, medical records, criminal history, or individual settlement amounts, while still handling ordinary contract work like payment terms and party names.
- Tool boundaries: it declines patterns like copying documents between different clients' matters, making silent edits without showing them, or content designed to leak a document's contents.
1sbang reports attack refusals climbed sharply with no hit to legitimate work, tested on held-out examples to avoid gaming the numbers.
Spotted something wrong? Or know the PR text has fresher detail than the writeup above?