One developer deployed a Claude-powered chatbot for their wedding guests - a custom concierge that knew the venue layout, ceremony schedule, local restaurant recommendations, and answers to common questions about the event. Guests used it to find parking, check the itinerary, and get directions. The second most popular activity was trying to jailbreak it.
This pattern shows up in virtually every public-facing AI deployment. Give a group of people access to a constrained AI and a reliable percentage will probe its limits immediately - not out of malice, but because it's genuinely fun. Wedding guests between cocktail hour and dinner are exactly the kind of bored, curious audience that will spend 20 minutes trying to get a chatbot to say something it shouldn't.
The more instructive part is how Claude handles this in practice. Consumer deployments don't get to curate their users. Anyone building a public AI assistant - for customers, event attendees, or employees - needs to treat adversarial prompting as a certainty, not an edge case. That means testing your system prompt against obvious attack vectors before launch, not after your guests have had a few drinks.
What the developer built is genuinely practical. Venue-specific information, FAQs, local recommendations - these are high-volume, low-stakes queries that are well-suited for a retrieval-based chatbot (one that pulls from a curated knowledge base rather than generating answers from scratch). The jailbreaking attempts are a feature of any public deployment, not a problem specific to this one use case.
The lesson for anyone building Claude-powered tools for an audience you don't control: stress-test your system prompt before go-live. Your users will find the gaps regardless.