Ever wonder what prompts are actually being sent to LLMs?

Debugging Security LLMs

When you chat with an AI agent or use a coding assistant, it feels like a simple conversation. You say "write a function," and it replies. But under the hood, there is a lot more happening than just your text message being sent to the server.

If you are a developer, a curious tech enthusiast, or someone building their own AI tools, seeing the actual request and response (req/res) data is a superpower. It shows you exactly how the AI is being instructed.

What is the AI actually seeing?

You might type: "Fix this bug."

But the AI doesn't just receive "Fix this bug." If it did, it wouldn't know what bug, what code, or who you are. The actual payload sent to the Large Language Model (LLM) is much larger and richer. It often includes:

Why this matters for tuning Custom LLMs

If you are experimenting with custom LLMs or building your own AI applications, you can't improve what you can't measure.

Logging these requests is crucial for tuning:

  1. Prompt Engineering Debugging: You might realize your system prompt is confusing the model or conflicting with user input.
  2. Context Window Management: You can see if you are sending too much irrelevant code, wasting tokens and distracting the model.
  3. Output Verification: Sometimes an LLM produces a "thought" process or metadata that the frontend application hides from you. Seeing the raw JSON response reveals everything the model actually generated.

Determining the Truth with mitmproxy

One of the best tools to capture this traffic is mitmproxy. It sits between your computer and the internet, intercepting HTTPS requests so you can inspect them.

Here is how to set it up on a Mac to spy on your own AI agents.

1. Install mitmproxy

Open your terminal and use Homebrew:

brew install mitmproxy

2. Start the Web Interface

In a new terminal session, start the web interface. This gives you a nice UI in your browser to inspect packets.

mitmweb
# You should see:
# HTTP(S) proxy listening at *:8080.
# Web server listening at http://127.0.0.1:8081/...

3. Configure Your Environment

Now you need to tell your terminal (and the apps running in it) to route traffic through this proxy. Run these commands in the terminal where you plan to run your AI agent:

export HTTP_PROXY=http://127.0.0.1:8080
export HTTPS_PROXY=http://127.0.0.1:8080

4. Trust the Certificate (The Tricky Part)

Since most traffic is HTTPS (encrypted), mitmproxy terminates the TLS connection itself and presents a certificate it generates for each host, signed by its own certificate authority (CA). Your Mac will reject those certificates until you tell it to trust that CA. mitmproxy writes the CA certificate to ~/.mitmproxy the first time it starts, which is why step 2 comes before this one.

sudo security add-trusted-cert -d -p ssl -p basic -k /Library/Keychains/System.keychain ~/.mitmproxy/mitmproxy-ca-cert.pem

If you are using Node.js based tools (which many AI agents are), you might also need this extra step: Node ships its own CA bundle and ignores the system keychain, so it has to be told about the proxy's CA separately:

export NODE_EXTRA_CA_CERTS=~/.mitmproxy/mitmproxy-ca-cert.pem

5. Run & Inspect

Now, run your AI tool (like gemini or any CLI agent) in that same terminal window.

# Example
gemini

Go to your browser (usually http://127.0.0.1:8081) and watch the traffic flow in. Look for requests to APIs like generativelanguage.googleapis.com or api.openai.com. Click on them, and you will see the full, unadulterated JSON body containing the system prompts, your context, and the raw model output.
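Clicking through requests in the web UI works for a handful of calls, but the tuning questions from earlier (is the system prompt what you think it is, how much context is being sent, what did the model really return) are easier to answer with a script. The following mitmproxy addon is an added example for this post, not code from the original or from the mitmproxy project. It parses the JSON bodies of the two API shapes the post mentions (OpenAI chat completions and Gemini generateContent), reports each prompt role with its size and a rough token estimate, and pulls the finish reason and usage counters out of the response. The host list, the 4-characters-per-token heuristic and the function names are all assumptions for the example. Run it with `mitmweb -s llm_log.py`; the summariser functions are plain Python and also run outside mitmproxy.

```python
"""llm_log.py: summarise LLM API traffic passing through mitmproxy.

Added example (not from the original post). Start with:  mitmweb -s llm_log.py
"""
import json
from typing import Any

# Hosts named in the post; add other providers as needed (assumption).
LLM_HOSTS = {"generativelanguage.googleapis.com", "api.openai.com"}

# Crude size estimate, roughly 4 characters per token (assumption, not exact).
CHARS_PER_TOKEN = 4


def _gemini_text(block: dict) -> str:
    """Join the text parts of a Gemini 'content' / 'systemInstruction' block."""
    return "".join(p.get("text", "") for p in block.get("parts", []))


def summarize_request(body: bytes) -> dict[str, Any]:
    """Show what the model actually receives: each role, its size, the system prompt.

    Handles the OpenAI shape ({"messages": [...]}) and the Gemini shape
    ({"systemInstruction": ..., "contents": [...]}).
    """
    data = json.loads(body)
    roles: list[tuple[str, str]] = []
    if "messages" in data:                                   # OpenAI style
        for m in data["messages"]:
            content = m.get("content", "")
            if isinstance(content, list):                    # multimodal: keep text parts only
                content = "".join(p.get("text", "") for p in content if isinstance(p, dict))
            roles.append((m.get("role", "?"), content))
    else:                                                    # Gemini style
        sys_block = data.get("systemInstruction") or data.get("system_instruction")
        if sys_block:
            roles.append(("system", _gemini_text(sys_block)))
        for c in data.get("contents", []):
            roles.append((c.get("role", "?"), _gemini_text(c)))
    total_chars = sum(len(t) for _, t in roles)
    return {
        "model": data.get("model", "(in URL)"),              # Gemini puts the model in the path
        "system_prompt": next((t for r, t in roles if r == "system"), None),
        "per_role_chars": {r: sum(len(t) for rr, t in roles if rr == r) for r, _ in roles},
        "approx_tokens": total_chars // CHARS_PER_TOKEN,
    }


def summarize_response(body: bytes) -> dict[str, Any]:
    """Pull out what a chat front end usually hides: finish reason and token usage."""
    data = json.loads(body)
    if "choices" in data:                                    # OpenAI style
        choice = data["choices"][0]
        return {
            "text": choice.get("message", {}).get("content", ""),
            "finish_reason": choice.get("finish_reason"),
            "usage": data.get("usage", {}),
        }
    cand = data["candidates"][0]                             # Gemini style
    return {
        "text": _gemini_text(cand.get("content", {})),
        "finish_reason": cand.get("finishReason"),
        "usage": data.get("usageMetadata", {}),
    }


class LLMLogger:
    """mitmproxy hooks. Only bodies are printed; headers (which carry the
    API key in Authorization / x-goog-api-key) are deliberately left out."""

    def request(self, flow):
        if flow.request.pretty_host in LLM_HOSTS and flow.request.content:
            print("REQ", flow.request.pretty_host, summarize_request(flow.request.content))

    def response(self, flow):
        if flow.request.pretty_host in LLM_HOSTS and flow.response and flow.response.content:
            try:
                print("RES", summarize_response(flow.response.content))
            except (ValueError, KeyError):
                pass  # streaming (SSE) and error bodies are not a single JSON object


addons = [LLMLogger()]
```

The response hook swallows parse errors on purpose: when an agent requests streaming, the body is a sequence of server-sent events rather than one JSON document, and you are better off reading those in the web UI than crashing the addon. Keeping headers out of the log means the capture can be shared with a colleague without handing over your API key.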

Happy hacking!