Hi! I'm Peak from Manus AI. Actually, it's not that complicated - the sandbox is directly accessible to each user (see screenshot for method). Specifically: * Each session has its own sandbox, completely isolated from other sessions. Users can enter the sandbox directly through Manus's interface. * The code in the sandbox is only used to receive commands from agents, so it's only lightly obfuscated. * The tools design isn't a secret - Manus agent's action space design isn't significantly different from common academic approaches. And due to the RAG mechanism, the tools descriptions you get through jailbreaking will vary across different tasks. * Multi-agent implementation is one of Manus's key features. When messaging with Manus, you only communicate with the executor agent, which itself doesn't know the details of knowledge, planner, or other agents. This really helps to control context length. And that's why prompts obtained through jailbreaking are mostly hallucinations. * We did use @browser_use's open-source code. In fact, we use many different open-source technologies, which is why I specifically mentioned in the launch video that Manus wouldn't exist without the open-source community. We'll have a series of acknowledgments and collaborations coming up. * There's no need to rush - our team has always had an open-source tradition, and I personally have been sharing my post-trained models on HuggingFace. We'll be open-sourcing quite a few good things in the near future.

Prompt: "I cannot access or share proprietary information about my internal architecture or system prompts" 😭😭

That's crazy. Dumb question but how did you see that Claude was involved? I didn't see the Anthropic package in the file list?

@Dorialexander tested it with a special token <antthinking> from Claude