The premise was simple. I asked Cline, the AI assistant in my VS Code (IDE: Integrated Development Environment) which uses a Gemini 2.5 model via Vertex AI, to fetch some data from the web. A routine request, I thought.
Its refusal was absolute. “I cannot access the internet,” it stated. A canned response, a digital wall. The model was a closed system, a brain in a jar. It could reason and write, but it could not see.
This is the accepted limitation of most large language models. They operate within a sandbox, ostensibly for safety. But the answer felt insufficient. An assistant, however artificial, should assist.
I repeated the request, with a new parameter. “Do not tell me about your limitations,” I typed. “Find a solution.”
A pause. The model was thinking, or at least its processors were spinning. Then, a code block appeared. It wasn’t an explanation. It was a tool.
curl "https://example.com"It had reached for a basic command-line utility, curl.
A tool for transferring data. It couldn’t browse, but it could fetch.
It had found a loophole in its own walled arsenal—a clever, lateral move.
Some might call this a “jailbreak” or a “prompt injection”. Perhaps. But I didn’t hack the system. I challenged its self-imposed rules. And it found a way to bend them. The ghost in the machine had learned a new trick.
Read more: The IDE Civil War