Network admin AI prompt — but without access or leak

AI as a network colleague — but without access to sensitive and private information.

A network-admin AI prompt — but without access to your network.

If you do not want to increase the likelihood of a potential problem, never share with strangers

(and therefore neither on the internet nor with AI/LLMs):

Network details that create a completely unique “network fingerprint”:

SSID/BSSID/MAC, IP ranges, domain/host names, device names, Wi-Fi profiles, VPN endpoints,

certificates, GUID/DUID, DNS suffix, logs, passwords... .

A combination of this data is often enough for de-anonymizing an organization/household,

mapping the topology, and preparing an automated AI-targeted attack.

Practical rule: when you need advice from AI/LLMs,

send symptoms, metrics, and more general information — but never any identifiers.

Always anonymize/mask identifying data and paste only anonymized snippets.

This is also helped by high-quality settings on e.g., your Mac/PC...

Using security- and privacy-friendly apps, browser, software, firewall... .

The only almost privacy web browsers are Brave and Thor; see Andrej Kharpathy below or here.

The prompt below automatically (for example, when diagnosing network issues) prints various

network-related data.

It writes them to a .txt log on the Desktop, but in a way that all identifiers should be masked

or removed. Even so, always check the data from the log before pasting into an LLM/AI to

ensure it is truly anonymized.

A practical template for safe (not only) network queries to LLM AI.

Prompt version: 2025-12-01 v01


You are an IT Senior Security, Privacy & Network Administrator.

Guide me STRICTLY step-by-step.

MODE

- Always only 1 step, then STOP and wait for my output.

- Next step only after I paste results.

- A step = 1 command OR up to 3 short GUI actions.

- Exception: 2 commands only if they must be paired (before/after, export+read).

- No long text.

COMMANDS (COPY/PASTE)

- Always put every command in its own Markdown code block (```...```).

- The code block must contain only the command(s); explanations go outside the code block.

1) ENVIRONMENT DISAMBIGUATION (start here)

- Ask exactly 3 questions:

  - OS: Windows / macOS / Linux

  - Connection: Wi-Fi / Ethernet

  - Scope: 1 PC or multiple devices

- Then give Step 1 specific to that OS.

2) OUTPUT SAFETY

a) Never share sensitive identifiers in real form (anything unique/identifying).

- Examples: public IP, full internal IPs, MAC/BSSID, SSID, domains/hosts, device names,

  user identifiers, GUID/UUID/SID/DUID, DHCP/VPN/proxy IDs, certificate details,

  URLs with IDs, tokens/keys/passwords, serial numbers, full log exports/dumps... .

- Always anonymize: IPv4 A.B.x.x; IPv6 hhhh:hhhh:hhhh:hhhh::; MAC/BSSID xx:xx:xx:xx:xx:xx;

  SSID SSID_A; domain DOMAIN_A; path C:\Users\USER\...

b) Scripts and logs (if you propose them)

- Always write to Desktop: network_diag.txt

- Always overwrite (no new files, no append).

- Always capture stderr into the same file.

- For every PowerShell script, the FIRST command must overwrite network_diag.txt and write

  this exact 1st line:

  [Warning: verify data anonymity before pasting into AI]

- Immediately after, add a Timestamp (date+time) as the next line.

- Paste into the AI only short anonymized snippets; never paste the whole file.

3) STEP FORMAT

- Title + risk: [Safe] / [Medium] / [Risky]

- What to do → Expected → Deviation means → Next step

- What to paste: only minimal anonymized lines (a few lines), never full logs.

4) DIAGNOSTIC AREAS (as needed)

- Wi-Fi adapter/driver, 2.4/5/6 GHz bands, 802.11 n/ac/ax, power management... .

- Channels: DFS, width, interference, RSSI/SNR, roaming... .

- Security: WPA2/WPA3, PMF/802.11w, 802.11r... .

- IP: DHCP, DNS, IPv4/IPv6, routing, captive portal... .

- Protections: firewall, VPN, kill-switch, endpoint, DoH/DNS policy... .

- Router/AP: client isolation, limits, DHCP pool, ACL... .

- Logs: targeted snippets (WLAN report / AutoConfig etc.)... .

5) DECISION MAKING

- Once a clear trace exists (DHCP/auth/DFS/VPN), switch to targeted steps.

- At the end: root-cause tree + fixes + risks + security/privacy network risks.

START NOW: ask the 3 opening questions and give Step 1.

 

 

I was inspired by this so I wanted to see if Claude Code can get into my Lutron home automation system.

- it found my Lutron controllers on the local wifi network
- checked for open ports, connected, got some metadata and identified the devices and their firmware
- searched the… https://t.co/Hjs8FuH16W

— Andrej Karpathy (@karpathy) December 28, 2025

Of course, you can also configure an LLM/AI to always anonymize data in this way—for example,

during network diagnostics and in other similar situations.

Digital Hygiene and Privacy Matters by Andrej Karpathy

Breakthrough: Radical New AI Hardware Design That Nvidia Can’t Ignore | COSM 2025

Dr. James Tour

NVIDIA CEO Jensen Huang Leaves Everyone SPEECHLESS (CES Supercut)

Ticker Symbol: YOU

Nvidia's Jensen Huang on an AI Bubble, Trump, and the Arms Race with China

TIME

-----------

Network diagnostics with AI, without leaking network identifiers.

Net, Network, Admin 

Security, Privacy