Manus AI system responds to prompt word leak incident: using Claude and Qwen models

The general AI intelligent product Manus has just been launched, and it has attracted a large number of users to buy invitation codes. While product performance has attracted much attention, people have also developed a strong interest in the technology behind Manus.

In addition to many teams starting to replicate Manus, a user named jian recently cracked the Manus system and simply asked Manus to output files in the directory "/opt/.manus/", and successfully obtained some important information and running code.

According to content released by jian, Manus is not an independent model, but is built on Claude Sonnet, and is equipped with 29 tools to assist tasks, but does not realize the multi-agent function. In addition, Manus also uses an open source project called browser_use, although the relevant code may be obfuscated.

Immediately, the Manus team responded to the incident. Ji Yichao, co-founder and chief scientist of Manus, said that in fact, users can directly access the sandbox, and each session has an independent sandbox, isolated from each other. The code in the sandbox is only used to receive commands, so it is just a mild obfuscation. Ji Yichao also emphasized that Manus' tool design is not a secret, and the overall design is similar to common academic methods. In addition, Manus does use open source code and says it will open source more content in the future.

In answering about the basic model used by Manus, Ji Yichao mentioned that the team used Claude and different Qwen fine-tuned versions. They obtained the Claude 3.5Sonnet v1 version in the early stages of development and are currently testing Claude 3.7 internally and are looking forward to its update potential.

Leaked file address: https://gist.github.com/jlia0/db0a9695b3ca7609c9b1a08dcbf872c9

Leakage process: https://manus.im/share/lLR5uWIR5Im3k9FCktVu0k?replay=1