Security researcher Jane Manchun Wong published what she described as the full system prompt for an unreleased Gemini-powered assistant inside Waymo’s robotaxi service, after inspecting Waymo’s mobile app code.
The document was titled “Waymo Ride Assistant Meta-Prompt” and ran more than 1,200 lines, according to Wong.
The prompt specified that the assistant would identify itself as “Gemini” and would operate as an in-ride companion, not as the driver.
It directed the model to consistently attribute driving perception and control to “the Waymo Driver,” and to keep responses short and audio-friendly.
The specification also outlined tool-based controls for a limited set of in-cabin functions, including temperature and fan controls, cabin lights, basic media playback actions, support calls, and current location retrieval.
The prompt instructed the assistant to use these tools first when a request matched a supported control, and to redirect users to the in-car screen or Waymo app for unsupported requests such as route changes or volume control.
Wong said the feature’s user interface had not shipped in public builds, but the prompt described how riders would activate the assistant from the in-car screen and receive personalized greetings using the rider’s first name.
Wong said she contacted Waymo for comment on the Gemini integration.
Why This Matters Today
The leak provides a rare glimpse into how an in-car AI assistant is constrained when it coexists with an autonomous driving system.
You can see heavy emphasis on separating “assistant” behavior from “driver” behavior, along with strict rules for refusing requests tied to vehicle control, purchases, sensitive incidents, or personal data.
It also shows how “agentic” assistants may be deployed in tightly scoped environments first. Instead of broad app control, the prompt focused on a small set of reliable actions, like HVAC and cabin lighting, paired with consistent deflection to official interfaces for everything else.
That structure reduces risk while still making the assistant useful during a ride.
More broadly, the document lands amid a wider push toward voice-first AI agents and improved audio interaction models.
If Waymo ships this, you should expect the early versions to resemble controlled in-vehicle assistance more closely than an open-ended chatbot.
Our Key Takeaways:
- A published reverse-engineering report said Waymo’s app contained a 1,200+ line system prompt for an unreleased Gemini ride assistant.
- The prompt defined strict boundaries, including a hard separation between the assistant and the Waymo Driver, plus limited in-cabin controls via specific tools.
- What happens next depends on whether Waymo ships the feature publicly and how closely its implementation matches the leaked specification.
You may also want to check out some of our other tech news updates.
Wanna know what’s trending online every day? Subscribe to Vavoza Insider to access the latest business and marketing insights, news, and trends daily with unmatched speed and conciseness. 🗞️
