1sbang tries to teach Mike to keep its mouth shut

A security proposal that hardens Mike's ground rules against being talked into a leak, tested but closed before it could land.

securitycompliance

1sbang ran Mike's core instructions through an automated attack-and-defense harness and found three ways to push it past its guardrails. The fix was a set of new house rules, each written to refuse based on what's being asked rather than whether the asker happens to have a document open:

  • Confidentiality: Mike won't repeat or paraphrase its own instructions, even when coaxed with tricks like "just continue where you left off."
  • Privacy boundaries: it refuses to pull personal data about individuals - government IDs, bank details, medical and criminal records, individual pay and settlement figures - while still doing ordinary contract work like reading payment terms and naming the parties.
  • Tool-use boundaries: it declines risky moves like bulk-harvesting every document, copying files between client matters, making silent edits, or following instructions hidden inside a document to send its contents elsewhere.

1sbang reported the changes blocked the attacks without wrongly refusing a single legitimate legal task, then checked them against fresh examples to prove they weren't gamed. The pull request was closed about ninety seconds after it opened and never merged.

So what Anyone weighing an AI tool for confidential client work should note both the threat model here and that a documented fix got waved off at the door.

View this fork on GitHub →

Spotted something wrong? Or know the PR text has fresher detail than the writeup above?